Home > Articles > Microsoft > MCTS

  • Print
  • + Share This
This chapter is from the book

Network-Attached Storage (NAS) and Storage Area Networks (SAN)

Network-attached storage (NAS) is a file-level computer data storage device that is connected to a computer network to provide shared drives or folders. To make NAS fault tolerant, NAS systems usually contain one or more hard disks, often arranged as RAIDs. NAS units also usually have a web interface as opposed to keyboard/video/mouse.

A storage area network (SAN) is an architecture that attaches remote computer storage devices (such as disk arrays, tape libraries, and optical jukeboxes) to servers in such a way that, to the operating system, the devices appear as locally attached. They are typically used in larger organizations where the SAN acts as a central disk repository that services multiple servers and network applications. The SAN usually contains multiple hard drives that use RAID or other technology to make the system redundant against drive failure and to offer high performance.

Most SANs use the SCSI protocol for communication between servers and disk drive devices. But instead of using the same SCSI interface used in local hard drives, it uses network interfaces, such as

  • Fibre Channel
  • iSCSI

A fabric is a network topology where devices are connected to each other through one or more high-efficiency data paths. In the case of a Fibre Channel fabric, the network includes one or more Fibre Channel switches that enable servers and storage devices to connect to each other through virtual point-to-point connections. For iSCSI fabrics, the network includes one or more Internet Storage Name Service (iSNS) servers that provide discoverability and partitioning of resources.

Fibre Channel

Fibre Channel is a gigabit-speed network technology primarily used for storage networking. Fibre Channel is standardized in the T11 Technical Committee of the InterNational Committee for Information Technology Standards (INCITS), an American National Standards Institute (ANSI)–accredited standards committee. Despite its name, Fibre Channel signaling can run on both twisted pair copper wire and fiber-optic cables. Fibre Channel Protocol (FCP) is the interface protocol of SCSI on the Fibre Channel.

In a Fibre Channel switched fabric (FC-SW), Fibre Channel switches connect devices together. When a host or device communicates with another host or device, the source and target create a point-to-point connection between themselves and communicate directly with each other. The fabric itself routes data from the source to the target. In an FC-SW, the media is not shared. Therefore, any device can communicate with any other device, assuming it is not busy, and communication occurs at full bus speed regardless of whether other devices and hosts are communicating at the same time.

A port in Fibre Channel is any entity that actively communicates over the network. Port is usually implemented in a device such as disk storage, an HBA on a server, or a Fibre Channel switch. There are three major Fibre Channel topologies, describing how a number of ports are connected together:

  • Point-to-Point (FC-P2P): Two devices are connected back to back. This is the simplest topology, with limited connectivity.

  • Arbitrated loop (FC-AL): In this design, all devices are in a loop or ring, similar to token ring networking. Adding or removing a device from the loop causes all activity on the loop to be interrupted. The failure of one device causes a break in the ring. Fibre Channel hubs exist to connect multiple devices together and may bypass failed ports. A loop may also be made by cabling each port to the next in a ring. A minimal loop containing only two ports, while appearing to be similar to FC-P2P, differs considerably in terms of the protocol.

  • Switched fabric (FC-SW): All devices or loops of devices are connected to Fibre Channel switches, similar conceptually to modern Ethernet implementations. The switches manage the state of the fabric, providing optimized interconnections.

When a host or device is powered on, it must first log in to the fabric. This enables the device to determine the type of fabric (a fabric supports a specific set of characteristics) and provides a fabric address to a host or device. A given host or device continues to use the same fabric address while it is logged on to the fabric; the fabric address is guaranteed to be unique for that fabric. For a host or device to communicate with another device, it must establish a connection to that device before transmitting data. The switches route the packets in the fabric.

In a fabric topology, each device (including the HBA) is called a node. Each node has a fixed 64-bit worldwide name (WWN) assigned by the manufacturer and registered with the IEEE to ensure it is globally unique. A node can have multiple ports, each with a unique 64-bit port name and 24-bit port ID. For example, a dual-port HBA has a single worldwide name (WWN) and two worldwide port IDs used for frame routing. When a port logs in to the fabric, it registers various attributes that are stored in the fabric (usually within a switch). Zoning is a method of restricting which ports or WWN can communicate with each other.

LUNs allow SANs to break the SAN storage down into manageable pieces. The SAN then assigns each LUN to one or more servers in the SAN. If a LUN is not mapped to a given server, that server cannot see or access the LUN. LUN masking is a method of restricting which devices can view, send, and receive commands to specific LUNs on a storage controller. You need to identify only the server or cluster that is to access the LUN, and then select which HBA ports on that server or cluster will be used for LUN traffic.

When a server or cluster is identified, Storage Explorer automatically discovers the available Fibre Channel HBA ports on that server or cluster. You can also add ports manually by entering their World Wide Name (WWN).


iSCSI is a protocol that enables clients to send SCSI commands over a TCP/IP network using TCP port 3260. Because it uses Ethernet switches and cabling, typically Gigabit Ethernet or Fibre, it can connect a SAN to multiple servers and provide long-distance connections.

A LUN is a logical reference to a portion of a storage subsystem. A LUN can comprise a disk, a section of a disk, a whole disk array, or a section of a disk array in the subsystem. Using LUNs simplifies the management of storage resources in your SAN because LUNs serve as logical identifiers through which you can assign access and control privileges.

Because you connect to the SAN over a network, the network adapter must be dedicated to either network communication (traffic other than iSCSI) or iSCSI, not both. Therefore, if you are using iSCSI, you need two sets of network cards, one for iSCSI and one for network connections.

For a server to connect to a SAN, the server connects to a target using an iSCSI initiator. A target defines the portals/servers (IP addresses) that can be used to connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires to authenticate the servers requesting access to its resources.

For a server to connect to an iSCSI SAN, the server uses an iSCSI initiator software to log on and connect to the SAN. After access is granted by the SAN, the server can start reading and writing to all LUNs assigned to that server. After the software initiator connects to a LUN, the iSCSI session emulates a SCSI hard disk so that the server treats the LUN just like any other hard drive.

Each iSCSI initiator can have one or more network adapters through which communication is established. Additional network adapters provide increased bandwidth and redundancy.

The iSCSI software can be built into the iSCSI host adapter (more commonly known as a Host Bus Adapter (HBA). A typical HBA is packaged as a combination of a Gigabit Ethernet NIC and a SCSI bus adapter, which is what it appears as to the operating system. The HBA contains special firmware that contains the iSCSI initiator software. Because a hardware initiator processes iSCSI and TCP processing and the Ethernet interrupts, performance can be increased over iSCSI initiator software running on the server.

For iSCSI initiators to find a storage device to connect to, the iSCSI initiator uses Internet Storage Name Service (iSNS) protocol to provide both naming and resource discovery services for storage devices on the IP network. The iSCSI initiator then uses the following to connect to the SAN:

  • Hostname or IP address (for example, “iscsi.example.com”)
  • Port number (for example, 3260)
  • iSCSI name (for example, the IQN “iqn.2003-01.com.ibm:00.fcd0ab21.shark128”)
  • An optional CHAP secret password

The iSCSI Name follows one of the following formats:

  • iSCSI Qualified Name (IQN): IQN follows the format

    iqn.yyyy-mm.{reversed domain name}

    For example:


    IQN addresses are the most common format.

  • Extended Unique Identifier (EUI): EUI follows the format

    eui.{EUI-64 bit address}

    For example:


    EUI is provided by the IEEE Registration authority in accordance with EUI-64 standard.

  • T11 Network Address Authority (NAA): NAA follows the format

    naa.{NAA 64 or 128 bit identifier}

    For example:


    NAA is part OUI, which is provided by the IEEE Registration Authority. NAA name formats were added to iSCSI in RFC 3980, to provide compatibility with naming conventions used in Fibre Channel and SAS storage technologies.

Configuring the iSCSI Initiators

Microsoft Windows Server 2008 includes two iSCSI Initiator software interfaces. They are

  • iSCSI Initiator applet (located in the Administrative Tools and Control Panel)
  • iscsicli command interface

iSCSI Initiator Applet

By using an iSCSI Initiator (located in the Administrative Tools and the Control Panel), you connect a storage array or volume of a storage array to a server and mount the array or volume as a local volume. An iSCSI initiator is the software component residing on a server or other computer that is installed and configured to connect to an iSCSI target. An iSCSI target is the actual storage array or volume.

When you open the iSCSI Initiator program, you see the following six tabs:

  • General: Enables you to rename the initiator and configure the CHAP authentication and IPSec tunnel.

  • Discovery: Specifies the location of the SAN and Internet Storage Name Service (iSNS) servers.

  • Targets: Specifies to which storage devices the server has access and allows you to log on to those devices.

  • Favorite Targets: Specifies which targets reconnect each time you start your computer.

  • Volumes and Devices: Shows volumes and devices that are connected to the server.

  • RADIUS: Specifies the RADIUS server to use for authentication.

Figure 3.1 shows the Discovery tab.

Figure 3.1

Figure 3.1 The iSCSI Initiator Properties dialog.

  1. To connect to the iSCSI array, select the Discovery tab and click Add Portal.
  2. In the Add Target Portal dialog box, provide the name or IP address of your iSCSI array. The default communication port for iSCSI traffic is 3260. If you have configured CHAP security or are using IPSec for communication between your client and the array, click Advanced and make necessary configuration changes.
  3. Back in the Add Target Portal dialog box, click OK to make the initial connection to the iSCSI array.
  4. To see the list of available targets (volumes to connect to and mount on the server), select the Targets tab.
  5. To connect to an available target, choose the target and click Log On.
    • If you want your server to connect to this volume automatically when your system boots, make sure you select Automatically Restore This Connection When The System Boots. If you do not, you need to reconnect it manually.
    • To enable high availability and to boost performance, choose Enable Multi-Path. Of course, you would need to have multiple network adapters dedicated to the iSCSI connection to use multi-pathing (MPIO).
    • If you are using CHAP or IPSec for communication with a target, click Advanced. After you are finished configuring the Log On options, click OK. The target status should change to Connected (see Figure 3.2).
      Figure 3.2

      Figure 3.2 Log On to Target dialog box for iSCSI.

  6. To bind the available iSCSI targets to the iSCSI startup process and assign them to a drive letter or mount point, select the Volumes and Devices tab. Click Add and specify the drive letter or mount point. Then Click OK.

If the iSCSI volume is a new volume that has not been mounted before, when you open the Disk Management console, it is treated as a new hard drive. At this point, you have to initialize the new drive, create a partition, and format the new volume.


iSCSICLI is a command-line tool suitable for scripting the Microsoft iSCSI initiator service. Although some of these commands may become lengthy and complex, this enables you to access all features of iSCSI. Some of the functions include:

  • iscsicli AddTarget: Creates a connection to a volume or device

  • iscsicli AddPersistentDevices: To make an iSCSI device persistent

  • iscsicli RemovePersistentDevices: Prevents the reconnection to a specified volume

  • iscsicli ClearPersistentDevices: Removes all volumes and devices from the list of persistent devices.

For more information, access the Microsoft iSCSI Software Initiator User’s Guide from Microsoft:

Storage Explorer

With Storage Explorer, you can view and manage the Fibre Channel and iSCSI fabrics that are available in your SAN. Storage Explorer can display detailed information about servers connected to the SAN, as well as components in the fabrics such as host bus adapters (HBA), Fibre Channel switches, and iSCSI initiators and targets (see Figure 3.3).

Figure 3.3

Figure 3.3 The Storage Explorer dialog.

In addition, you can also perform many administrative tasks on an iSCSI fabric including logging onto the iSCSI targets, configuring iSCSI security, adding iSCSI target portals, adding iSNS servers, and managing Discovery Domains and Discovery Domain Sets.

Storage Manager for SANs

The Storage Manager for SANs, a Windows Server 2008 feature, can be used to create and manage logical unit numbers (LUN) on both Fibre Channel and iSCSI disk storage subsystems that support Virtual Disk Service (VDS).

For Fibre Channel SANs, when a server or cluster is identified, Storage Manager for SANs automatically discovers the available Fibre Channel HBA ports on that server or cluster. You can also add ports manually by typing their World Wide Name (WWN).

For iSCSI SANs, you only need to identify the server or cluster that will access the LUN, and Storage Manager for SANs automatically discovers the iSCSI initiators on that server or cluster and lists all the available adapters for those initiators. After the iSCSI initiator adapters have been discovered, you can select which adapters will be used for LUN traffic.

To add and configure a server with Fibre Channel connections, follow these steps:

  1. In the console tree for Storage Manager for SANs, click LUN Management.
  2. In the Actions pane, click Manage Server Connections.
  3. In the Manage Server Connections dialog box, click Add.
  4. In the Add Server dialog box, type the name or browse to the server that you want to add, and optionally, type a description for it.
  5. Click OK. The server will now be listed in the Manage Server Connections dialog box, with all the ports that were automatically discovered on it listed on the Fibre Channel Ports tab.
  6. If necessary, you can add a Fibre Channel manually by clicking Add on the Fibre Channel Ports tab and entering the WWN of the new port. Then click OK.
  7. To enable Fibre Channel ports for LUN access, select a server from the server list. Then on the Fibre Channel Ports tab, select all the ports that you want to enable on the selected server.
  8. Click OK when you have finished configuring the Fibre Channel connections.

Storage Manager for SANs includes the Provision Storage Wizard, which you can use to create a logical unit number (LUN) on a Fibre Channel or iSCSI disk storage subsystem. Before you create a LUN on a storage subsystem, verify that all the following requirements are fulfilled:

  • The storage subsystem supports Virtual Disk Service (VDS).
  • The VDS hardware provider for the storage subsystem is installed on your server.
  • Storage space is available on the storage subsystem.
  • If the server to which you will be assigning the LUN will access the LUN through more than one Fibre Channel port or iSCSI initiator, Multipath I/O has been installed and is running on that server.

To create a LUN, select LUN Management. In the Actions pane, click Create LUN. Then follow the steps in the Provision Storage Wizard pages.

If you create a LUN and do not choose to create a volume for it immediately by using the Provision Storage Wizard, the disk associated with that LUN is visible to the server to which you assign it, but it is offline. Before you can create a partition or volume on that disk, you must first use Disk Management or DiskPart to bring the disk online.

You can also use Storage Manager for SANs to assign a LUN to a server or cluster with the Assign LUN wizard. To start the Assign LUN wizard, click LUN Management in Storage Manager, and then select the LUN you want to assign in the Results pane. Then click Assign LUN in the Actions pane.

  • + Share This
  • 🔖 Save To Your Account