Using the Virtual SAN iSCSI Target Service

Use the iSCSI target service to enable hosts and physical workloads that reside outside the Virtual SAN cluster to access the Virtual SAN datastore.

This feature enables an iSCSI initiator on a remote host to transport block-level data to an iSCSI target on a storage device in the Virtual SAN cluster.

After you configure the Virtual SAN iSCSI target service, you can discover the Virtual SAN iSCSI targets from a remote host. To discover Virtual SAN iSCSI targets, use the IP address of any host in the Virtual SAN cluster, and the TCP port of the iSCSI target. To ensure high availability of the Virtual SAN iSCSI target, configure multipath support for your iSCSI application. You can use the IP addresses of two or more hosts to configure the multipath.

Note: Virtual SAN iSCSI target service does not support other vSphere or ESXi clients or initiators, third party hypervisors, or migrations using raw device mapping (RDMs).

Virtual SAN iSCSI target service supports the following CHAP authentication methods:

CHAP: In CHAP authentication, the target authenticates the initiator, but the initiator does not authenticate the target.
Mutual CHAP: In mutual CHAP authentication, an additional level of security enables the initiator to authenticate the target.

iSCSI Targets

You can add one or more iSCSI targets that provide storage blocks as logical unit numbers (LUNs). Virtual SAN identifies each iSCSI target by a unique iSCSI qualified Name (IQN). You can use the IQN to present the iSCSI target to a remote iSCSI initiator so that the initiator can access the LUN of the target.

Each iSCSI target contains one or more LUNs. You define the size of each LUN, assign a Virtual SAN storage policy to each LUN, and enable the iSCSI target service on a Virtual SAN cluster. You can configure a storage policy to use as the default policy for the home object of the Virtual SAN iSCSI target service.

iSCSI Initiator Groups

You can define a group of iSCSI initiators that have access to a specified iSCSI target. The iSCSI initiator group restricts access to only those initiators that are members of the group. If you do not define an iSCSI initiator or initiator group, then each target is accessible to all iSCSI initiators.

A unique name identifies each iSCSI initiator group. You can add one or more iSCSI initiators as members of the group. Use the IQN of the initiator as the member initiator name.