This application relates to managing communications connections with data storage systems.
Computer systems may include different resources used by one or more host processors. Resources and host processors in a computer system may be interconnected by one or more communication connections. These resources may include, for example, data storage systems, such as the SYMMETRIX and CLARIION families of data storage systems manufactured by EMC Corporation. These data storage systems may be coupled to one or more host processors and provide storage services to each host processor. An example data storage system may include one or more data storage devices, such as those of the CLARIION family, that are connected together and may be used to provide common data storage for one or more host processors in a computer system.
A host processor may perform a variety of data processing tasks and operations using the data storage system. For example, a host processor may perform basic system I/O operations in connection with data requests such as data read and write operations. Host processor systems may store and retrieve data using a storage device containing a plurality of host interface units, disk drives, and disk interface units. Such storage devices are provided, for example, by EMC Corporation of Hopkinton, Mass. and disclosed in U.S. Pat. No. 5,206,939 to Yanai et al., U.S. Pat. No. 5,778,394 to Galtzur et al., U.S. Pat. No. 5,845,147 to Vishlitzky et al., and U.S. Pat. No. 5,857,208 to Ofek. The host systems access the storage device through a plurality of channels provided therewith. Host systems provide data and access control information through the channels to the storage device, and the storage device provides data to the host systems also through the channels. The host systems do not address the disk drives of the storage device directly, but rather access what appears to the host systems as a plurality of logical disk units. The logical disk units may or may not correspond to the actual disk drives. Allowing multiple host systems to access the single storage device unit allows the host systems to share data stored therein.
It is desirable to manage and monitor data storage systems for a variety of different reasons, such as, for example, to obtain configuration data and/or performance data. System configuration information may be obtained in connection with a system configuration modification such as, for example, a logical or physical device reconfiguration.
A data storage system to be managed and monitored may use the Internet Small Computer System Interface (iSCSI) protocol, which is based on the Small Computer System Interface (SCSI) and Transmission Control Protocol (TCP) protocols, which are well known within the art of computer science. In brief, SCSI is a standard specifying the interface between devices that were originally controllers and peripherals in computer systems. The SCSI architecture is a client-server architecture wherein clients and servers are called “initiators” and “targets,” respectively. Initiators send service requests to targets and receive responses from targets.
A target is a collection of logical units. Each logical unit contains a device server, one or more task sets (queues), and a task manager.
SCSI recognizes two types of requests: device-server requests and task-management requests. The device server processes the device-server commands while the task manager is responsible for task management.
A device-server request is a SCSI command for execution on a logical unit, such as a block read/write command. Each device-server request defines a unit of work for a logical unit. Within a logical unit, a task represents a unit of work.
A SCSI task is an execution context a target creates for a SCSI command or a series of linked SCSI commands. A new task is created for each single command, while the same task is used for all the commands in a series of linked commands, also referred to as a “chain of commands.” A task persists until a command (or a series of linked commands) completion response is sent or until the task is ended by a task management function or exception condition. The initiator sends the next linked command in a series of linked commands only after the current command completes. That is, only one pending command exists per task. From the initiator's point of view, the device server is not multi-tasking; a task executes until it completes. This property allows initiators to implement, for example, read-modify-write commands using linked commands.
Task management requests control the execution of tasks. Examples of task management requests include aborting a task, clearing an exception condition and resetting a logical unit. The task manager manages task queues and serves task management requests.
Both initiators and targets have ports to communicate with their counterparts. The requests and responses are sent through and received from these ports. An initiator or target has one or more ports. Each port has a unique identifier. Each request includes its initiator and target port identifiers. These identifiers are in a “nexus object” in the request. In addition, the nexus object optionally contains an identifier for the logical unit and the task. The logical unit identifier is included if the request is destined for a particular logical unit. Similarly, the task identifier is included if the request is for a specified task.
SCSI is described more fully in the SCSI-3 Architecture Model (SAM) and in the SCSI Architecture Model-2 (SAM-2), available from the American National Standards Institute in Washington, D.C.
The iSCSI protocol maps the SCSI remote procedure invocation model over the TCP protocol. iSCSI requests carry SCSI commands, and iSCSI responses carry SCSI responses and status. iSCSI also uses the request-response mechanism for iSCSI protocol mechanisms.
iSCSI is described more fully in iSCSI, available from The Internet Engineering Task Force.
With the advent of iSCSI, data storage systems may be linked to facilitate the formation of Storage Area Networks (SANs) having increased capabilities and improved performance. SANs that include servers and data storage devices may be interconnected over longer distances, e.g. over IP networks, such as the Internet. For example, iSCSI may be supported over physical media that supports TCP/IP as a transport, and iSCSI implementations may be on Gigabit Ethernet, supporting speeds of at least 10 Gbyte/sec.
iSCSI, more particularly, comprises the rules and processes to transmit and receive block storage applications over TCP/IP networks, and particularly the iSCSI protocol enables SCSI commands to be encapsulated in TCP/IP packets and delivered over IP networks. Thus, implementing SCSI commands over IP networks may be used to facilitate block-level data transfers over Intranets, local area networks (LANs), wide area networks (WANs), the Internet, and the like, and can enable location-independent data storage and retrieval, e.g., at remote workstations or devices.
Each iSCSI device (target or initiator) is allocated a unique name and address. There are two standards which can be employed for iSCSI device naming: EUI (Enterprise Unique Identifier) or IQN (iSCSI Qualified Name). A fully qualified IQN includes the iSCSI target's name and an identifier for the shared iSCSI node or logical volume (“LUN”).
Several discovery methods can be implemented in an iSCSI environment. The administrator can manually specify IP addresses and IQN names to the initiator and target devices. Alternatively, the initiator can use a SendTargets operation to discover targets, such that the address of a target device is specified manually and the initiator establishes a discovery session to perform the SendTargets operation. The target device responds by sending a complete list of additional targets that are available to the initiator. This method is semi-automated, such that the administrator may still need to enter a range of target addresses. Internet Storage Name Service (iSNS) provides a discovery method for both naming and resource discovery for devices on an IP based SAN. The iSNS protocol uses an iSNS server as the central location for tracking information about targets and initiators. An iSNS server can be run on any host, initiator, or target on the SAN. An iSNS client is required on each initiator or target to enable communication with the iSNS Server. In the initiator, the iSNS client registers the initiator and queries the list of targets. In the target, the iSNS client registers the target with the server.
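The naming and SendTargets discovery described above can be sketched as follows. This is an added example, not code from any product named in this document: it parses a discovery reply, discards entries whose names are not well-formed iqn. or eui. names, and keeps only targets an administrator has listed. The function names, the allowlist step and the sample reply are assumptions constructed for illustration.

```python
import re

IQN_RE = re.compile(r"^iqn\.\d{4}-(0[1-9]|1[0-2])\.[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:\S+)?$")
EUI_RE = re.compile(r"^eui\.[0-9A-Fa-f]{16}$")
# host[:port][,portal-group-tag]; IPv6 literals are bracketed
ADDR_RE = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[^\[\]:,\s]+)(?::(\d+))?(?:,(\d+))?$")
DEFAULT_PORT = 3260  # well-known iSCSI TCP port


def valid_name(name: str) -> bool:
    """True for a well-formed iqn. or eui. node name."""
    return bool(IQN_RE.match(name) or EUI_RE.match(name))


def parse_sendtargets(data: bytes) -> dict:
    """Map each well-formed TargetName to its (host, port, tag) portals."""
    targets, current = {}, None
    for item in data.split(b"\x00"):
        key, sep, value = item.decode("utf-8", "replace").partition("=")
        if key == "TargetName":
            # A malformed name is dropped together with the portals that follow it.
            current = value if sep and valid_name(value) else None
            if current:
                targets.setdefault(current, [])
        elif key == "TargetAddress" and current:
            m = ADDR_RE.match(value)
            if m:
                tag = int(m.group(3)) if m.group(3) else None
                targets[current].append((m.group(1), int(m.group(2) or DEFAULT_PORT), tag))
    return targets


def approved(targets: dict, allowed_names: set) -> dict:
    """Keep only the targets an administrator has listed by name."""
    return {n: p for n, p in targets.items() if n in allowed_names}


# Constructed SendTargets reply (documentation address ranges), not captured traffic.
SAMPLE = (
    b"TargetName=iqn.2001-04.com.example:storage.disk1\x00"
    b"TargetAddress=192.0.2.10:3260,1\x00"
    b"TargetAddress=[2001:db8::10],2\x00"
    b"TargetName=not-a-valid-name\x00"
    b"TargetAddress=192.0.2.66:3260,1\x00"
    b"TargetName=eui.02004567A425678D\x00"
    b"TargetAddress=198.51.100.7:3260,1\x00"
)
```

Because the reply is supplied by the remote target, filtering it through `approved()` before any login keeps the initiator from connecting to names the administrator never configured.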
For an initiator to transmit information to a target, the initiator must first establish a session with the target through an iSCSI logon process. This process starts the TCP/IP connection, verifies that the initiator has access to the target (authentication), and allows negotiation of various parameters including the type of security protocol to be used, and the maximum data packet size. If the logon is successful, an ID is assigned to both initiator (an initiator session ID, or ISID) and target (a target session ID, or TSID). Thereafter, the full feature phase, which allows for reading and writing of data, can begin. Multiple TCP connections can be established between each initiator-target pair, allowing unrelated transactions during one session. Sessions between the initiator and its storage devices generally remain open, but logging out is available as an option.
Since iSCSI operates in the Internet environment, security can be important. The iSCSI protocol specifies the use of IP security (IPsec) to help ensure that the communicating end points (initiator and target) are authentic, the transferred data has been secured through encryption and is thus kept confidential, data integrity is maintained without modification by a third party, and data is not processed more than once, even if it has been received multiple times. The iSCSI protocol also specifies that Challenge Handshake Authentication Protocol (CHAP) be implemented to further authenticate end node identities.
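The CHAP step of the logon process described above can be sketched as follows. This is an added example, not code from any product named in this document: it shows the target issuing a challenge, the initiator computing the RFC 1994 MD5 response, and the target verifying it in constant time. The function names, the sample node name and the secret are assumptions constructed for illustration, and only hex-encoded values are handled.

```python
import hashlib
import hmac
import os

MIN_SECRET_LEN = 12  # bytes; the iSCSI RFCs require IPsec for CHAP secrets under 96 bits


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP_A=5 (MD5) response from RFC 1994: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def parse_text_keys(data: bytes) -> dict:
    """Split the NUL-separated key=value pairs of a login text segment."""
    items = (i.split(b"=", 1) for i in data.split(b"\x00") if b"=" in i)
    return {k.decode("ascii", "replace"): v.decode("ascii", "replace") for k, v in items}


def target_challenge() -> tuple:
    """Target: choose a one-byte identifier and a fresh random challenge."""
    return os.urandom(1)[0], os.urandom(16)


def initiator_answer(name: str, secret: bytes, offer: dict) -> bytes:
    """Initiator: answer the CHAP_I and CHAP_C values sent by the target."""
    challenge = bytes.fromhex(offer["CHAP_C"][2:])  # hex form only, strip "0x"
    resp = chap_response(int(offer["CHAP_I"]), secret, challenge)
    return f"CHAP_N={name}\x00CHAP_R=0x{resp.hex()}\x00".encode()


def target_verify(reply: bytes, ident: int, challenge: bytes, secrets: dict) -> bool:
    """Target: recompute the response and compare it in constant time."""
    keys = parse_text_keys(reply)
    secret = secrets.get(keys.get("CHAP_N", ""))
    if secret is None or len(secret) < MIN_SECRET_LEN:
        return False  # unknown name, or secret too short to use without IPsec
    try:
        got = bytes.fromhex(keys.get("CHAP_R", "")[2:])
    except ValueError:
        return False
    return hmac.compare_digest(got, chap_response(ident, secret, challenge))


# Constructed credentials and names, for illustration only.
NAME = "iqn.2001-04.com.example:host1"
SECRETS = {NAME: b"constructed-secret-16"}

if __name__ == "__main__":
    ident, chal = target_challenge()
    offer = {"CHAP_A": "5", "CHAP_I": str(ident), "CHAP_C": "0x" + chal.hex()}
    print(target_verify(initiator_answer(NAME, SECRETS[NAME], offer), ident, chal, SECRETS))
```

The secret never crosses the wire, but the response can be tested offline against guessed secrets by anyone who observes the exchange, which is why the protocol pairs CHAP with IPsec.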
Installation of a data storage system such as an iSCSI based data storage system can be a complicated process, particularly for the user. For example, initializing a new iSCSI based data storage system and connecting a server to an iSCSI storage system can involve complicated tasks requiring the user to execute and navigate multiple stand-alone software utilities, typically on both the storage system and the server to be connected.
For example, a MICROSOFT iSCSI initiator software package runs on various MICROSOFT WINDOWS operating systems. The package includes several software components, including MICROSOFT Initiator and MICROSOFT Initiator Service. MICROSOFT Initiator is an iSCSI device driver component that is responsible for moving data from a storage stack to a standard network stack. MICROSOFT Initiator is used only when iSCSI traffic goes over standard network adapters (also referred to as network interface cards, or NICs), not when specialized iSCSI adapters are used. MICROSOFT Initiator Service is a service that manages all iSCSI initiators (including network adapters and host bus adapters (HBAs)) on behalf of the operating system. Its functions include aggregating discovery information and managing security. It includes an iSNS client, including functionality used for device discovery.
MICROSOFT Initiator functions with a network stack (iSCSI over TCP/IP) and supports both standard Ethernet network adapters and TCP/IP offloaded network adapters. MICROSOFT Initiator Service provides storage management functionality including discovery and aggregation of multiple discovery mechanisms (iSNS, SendTarget, and manual configuration by an administrator), security and iSNS server and client support for security credentials, session initiation and termination and parameter settings for iSCSI sessions, and device management including providing HBA or network adapter-based initiators with the necessary parameters.
MICROSOFT Initiator Service enables the host computer system to discover target storage devices on the storage area network and to determine whether or not it has access to those devices. iSNS client code of MICROSOFT Initiator Service allows the Service to maintain a list of targets reported via the iSNS server as changes are made.
MICROSOFT Initiator, in accordance with iSCSI standards, uses IPsec for encryption and CHAP for authentication.
MICROSOFT Initiator Service has a common application programming interface (API) that can be used for configuring both MICROSOFT Initiator and iSCSI HBAs.