vSAN iSCSI target service allows hosts and physical workloads that reside outside the vSAN cluster to access the vSAN datastore. This feature enables an iSCSI initiator on a remote host to transport block-level data to an iSCSI target on a storage device within the vSAN cluster.
The iSCSI targets on vSAN are managed using Storage Policy Based Management (SPBM) similar to other vSAN objects. This allows saving the space and provides security for the iSCSI LUNs through deduplication and compression, and encryption. For enhanced security, vSAN iSCSI target service uses Challenge Handshake Authentication Protocol (CHAP) and Mutual CHAP authentication.
vSAN identifies each iSCSI target by a unique iSCSI qualified Name (IQN). The iSCSI target is presented to a remote iSCSI initiator using the IQN, so that the initiator can access the LUN of the target. vSAN iSCSI target service allows creating iSCSI initiator groups. The iSCSI initiator group restricts access to only those initiators that are members of the group.