How to Easily Create a vSAN iSCSI LUN

Save to My DOJO

How to Easily Create a vSAN iSCSI LUN

Before talking about vSAN iSCSI, allow me to quickly reiterate what VMware vSAN is all about. In a nutshell, vSAN allows you to pool physical disks from multiple ESXi hosts to create one distributed but shared datastore. The resulting vSAN datastore is accessible from any host that is a member of the cluster where vSAN is enabled. In How to setup vSAN using a nested environment, I cover the process of setting up vSAN in some detail, so give it a read when you can.

VMware’s hyper-converged architecture approach eradicates the requirement for a full-blown SAN such as iSCSI storage vs vSAN while satisfying most networked-storage needs. To a lesser extent, costs are better contained which is more so true when deploying vSAN on commodity hardware, as long as it is certified in the vSAN HCL.

Carving out iSCSI LUNs from whichever storage solution is in use, is one task storage admins routinely carry out. An iSCSI LUN is nothing but a block of storage space accessible over a network via the iSCSI protocol. Similarly, you can publish LUNs if you add iSCSI to vSAN, the vSAN iSCSI limitations being that they can only be mounted on machines extraneous to a vSphere environment. So, the answer is no. It is not possible to have a vSAN iSCSI LUN set up as an ESXi datastore. Nor can it be consumed by vSphere VMs.

Trust me, these are the first two things I tried doing when testing the feature using vSAN 6.6.1. You can read more about the benefits and limitations in this KB article, a portion of which I reproduced as follows. However, you can mount a remote vSAN datastore using vSAN HCI mesh compute cluster in vSphere 7u2.

vSAN iSCSI LUNs benefits and limitations

Despite the vSAN iSCSI limitations, vSAN iSCSI LUNs always come in handy. On that note, I will be showing you how to create a vSAN iSCSI LUN and how to mount it on a Windows 10 machine.

Requirements

Today’s only requirement is that you have vSAN configured in your environment. In my case, I run a 3-nested hosts vSphere cluster. If you have a physical vSAN, the better. If not, follow the instructions in the aforementioned post to replicate the steps outlined next.

As I’m writing this, I also finished updating my vSphere environment to ESXi 7.0.3 which means, I’m now running vSAN 7.0.3 (Build #: 18644231). If you’re wondering can vSAN and iSCSI be on the same VLAN, it is possible but VMware recommends against it, it is recommended to have vSAN in its own VLAN.

The vSAN version is tied to the vSphere version.

Creating a vSAN iSCSI LUN

Enable the iSCSI Target Service

First and foremost, we must enable the vSAN iSCSI Target Service (add iSCSI to vSAN).

    1. Select your vSAN cluster
    2. Click on Configure
    3. Under vSAN, click on Services
    4. Scroll down to vSAN iSCSI Target Service and click Enable
    5. Then select the correct VMkernel interface and click Enable.

You can leave Default authentication disabled or else select between CHAP and Mutual Chap if security is a concern. The Default iSCSI network is automatically set using an ESXi host’s VMkernel configured for vSAN. You are also allowed to change the default iSCSI network port and the storage policy if required.

Enabling the vSAN iSCSI target service

Enabling the vSAN iSCSI target service

Create an iSCSI Initiator group

You must next decide which machines will be allowed access to the LUN. We refer to anything that can potentially access a LUN as an iSCSI Initiator or client. If you’re planning on giving LUN access to a number of initiators, a cluster comes to mind, it’s always best to create an iSCSI Initiator Group for better security management. With that said, let’s go ahead and create an iSCSI Initiator Group.

First, it’s a good idea to list the initiator names, or IQNs, of the machines that will access the iSCSI LUN. In Windows, this is easy to do. Just run the iSCSI Initiator client and copy the IQN value from the Configuration tab.

Listing the IQN for a Windows iSCSI initiator

Listing the IQN for a Windows iSCSI initiator

Next, using the vSphere Web client:

    1. Highlight the vSAN cluster.
    2. Click on the iSCSI Target Service under vSAN
    3. Select the Initiator Groups tab
    4. Click the Add button

Creating a vSAN iSCSI initiators group

Creating a vSAN iSCSI initiators group

In the Name field, type a value for the group you are creating which is Windows_Workstations in my case. Paste the IQN in the Member Initiator name field and click on Add. Repeat this for every initiator you want to be included. Press OK when done.

Adding initiators to an iSCSI initiators group

Adding initiators to an iSCSI initiators group

Create an iSCSI target

Move up one item and select iSCSI Targets on the Configure page (2). An iSCSI target is just an endpoint an initiator client connects to so it can consume the VMware vSAN iSCSI LUN.

Still using the vSphere Web Client, click on the Add button (4).

Creating a new vSAN iSCSI target in vSphere Web client

Creating a new vSAN iSCSI target in vSphere Web client

In the New iSCSI Target dialog, you’ll find that most of the settings are automatically populated for you. All you need to add is an Alias and the VMware vSAN iSCSI LUN size. This is shown in the next screenshot.

Configuring a vSAN iSCSI target

Configuring a vSAN iSCSI target

Also, note the following. The default network port for iSCSI is 3260. Even though you can change this, it’s best to leave the value as it is unless there is some compelling reason to change it. The Network value is picked from the list of VMkernels present on the ESXi host presenting the vSAN iSCSI LUN. The host seems to be chosen at random.

The Network value can be changed as required. The Storage policy also determines the actual amount of disk space consumed by the LUN which, per the default settings, will correspond to twice the amount specified by the Size value.

You then need to create a LUN. To do that, scroll down and click ADD under the vSAN iSCSI LUNs pane.

Specify the settings of the vSAN iSCSI LUN with an ID

Specify the settings of the vSAN iSCSI LUN with an ID (avoid using 0, an alias, a storage policy and a size, then click ADD.

vSAN iSCSI LUN

The newly created vSAN iSCSI target should be listed in the lower pane. The details for it are displayed along with the allowed initiators. In the upper pane, look at the I/O Owner Host field and take a note of the ESXi host serving the LUN. In my case, it’s lab01.esx3.lab.priv corresponding to 192.168.24.69.

The vSAN iSCSI target and its properties …

The vSAN iSCSI target and its properties …

We finally need to add the initiators group previously created to the list of Allowed Initiators. By default, any machine is allowed access. We don’t want this for obvious reasons. To add the initiators’ group, click on the Add button. Tick the Initiator Group option and select the Windows_Workstations initiator group created earlier. Press OK to continue.

Adding a custom iSCSI initiators group to the list of allowed initiators

Adding a custom iSCSI initiators group to the list of allowed initiators

Testing time

As mentioned in the opening section, I will try to mount the VMware vSAN iSCSI LUN on a Windows 10 machine. This is done as follows.

In Windows, launch the iSCSI Initiator client. Just type iSCSI in the search box and select the iSCSI Initiator desktop app.

Launching the iSCSI initiator client in Windows

Launching the iSCSI initiator client in Windows

Select the Targets tab on the iSCSI Initiator Properties dialog. Type in the IP address noted earlier, i.e. the one used by the vSAN iSCSI target, and click on Quick Connect. On the Quick Connect dialog, make sure the discovered target status is set to Connected and press Done.

Connecting to the vSAN iSCSI target using the Windows iSCSI initiator client

Connecting to the vSAN iSCSI target using the Windows iSCSI initiator client

From the Volumes and Devices tab, click on the Auto Configure button. You should see the mount point for the VMware vSAN iSCSI LUN listed in the Volume List window. Press OK to finish setting up the client.

Forcing the client to bind to the mount point

Forcing the client to bind to the mount point

The last step sees us initializing the newly added disk using the Disk Management console. Just type diskman in the search box. On the Initialize Disk dialog, press OK to initialize the disk i.e. the corresponding vSAN iSCSI LUN.

Initializing the new disk in Windows using the Disk Management console

Initializing the new disk in Windows using the Disk Management console

To complete the process, select the new disk and format it, as required, using the New Simple Volume wizard.

Preparing the disk for use in Windows

Preparing the disk for use in Windows

To complete the test, verify that you can read and write to the volume. You can easily do this by creating, say, a text file containing data and then deleting it.

To complete the test, verify that you can read and write to the volume.

To properly protect your VMware environment, use Altaro VM Backup to securely backup and replicate your virtual machines. We work hard perpetually to give our customers confidence in their VMware backup strategy.

To keep up to date with the latest VMware best practices, become a member of the VMware DOJO now (it’s free).

Conclusion

Though somewhat having a few vSAN iSCSI limitations, vSAN iSCSI serves a secondary and useful purpose as we have seen in this post. It can host and serve iSCSI LUNs to machines other than ESXi hosts and virtual machines using its iSCSI Target service. The major benefit being that you get to make better use of your vSAN capacity should you have a large chunk of it left unused by your vSAN workloads.

Also, if you’re wondering can vSAN nodes also use shared iSCSI storage, yes they can. vSAN nodes are still vSphere servers that can mount external storage.

Have a look at the complete list of articles for more vSAN related posts such as How to generate a VSAN HTML report with PowerCLI and Learn How to License vCenter, ESXi, and vSAN.

Altaro VM Backup
Share this post

Not a DOJO Member yet?

Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!

Frequently Asked Questions

vSAN iSCSI lets you use your vSAN capacity to present iSCSI LUNs to third-party clients such as Windows and Linux hosts. You cannot use a vSAN ISCSI LUN as a vSphere datastore.
No, vSAN pools physical disks from multiple ESXi hosts to create one distributed but shared datastore.
To activate vSAN iSCSI target, you must enable the vSAN iSCSI target service from the vSAN General options.
iSCSI is a protocol to access storage over the network using the TCP/IP stack, as opposed to FC that uses FCP for lower latency.
An iSCSI device also referred to as ISCSI target, is a dedicated network-connected hard disk storage device also called volume or LUN.

6 thoughts on "How to Easily Create a vSAN iSCSI LUN"

  • Eli says:

    hi Jason, I liked your write up on this as I am trying to implement similar at my lab. however, at the iSCSI Target section, I can see you had a 100gb Lun, I’m curious to know where it came from?
    I am asking bcz on an another vSphere nested ESXi servers implementations (on my desktop), the iSCSi Target storage was provisioned by the Win10 Server and ESXi hosts vmk’s were configured as initiators. I believe here, it is just the opposite roles, but can’t determine where vSphere got the storage from? Tnx.

    • Ryan Birk says:

      Eli, that LUN was likely pre-provisioned. It certainly is not anything that comes with it out of the box. You’ll want to create the LUN on your storage array and point the host to the target.

Leave a comment

Your email address will not be published.