vSphere Storage - ESXi 5.1 - Documentation - VMware
vSphere Storage - ESXi 5.1 - Documentation - VMware
vSphere Storage - ESXi 5.1 - Documentation - VMware
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Discovery<br />
A discovery session is part of the iSCSI protocol, and it returns the set of targets you can access on an iSCSI<br />
storage system. The two types of discovery available on <strong>ESXi</strong> are dynamic and static. Dynamic discovery<br />
obtains a list of accessible targets from the iSCSI storage system, while static discovery can only try to access<br />
one particular target by target name and address.<br />
For more information, see “Configuring Discovery Addresses for iSCSI Adapters,” on page 99.<br />
Authentication<br />
iSCSI storage systems authenticate an initiator by a name and key pair. <strong>ESXi</strong> supports the CHAP protocol,<br />
which <strong>VMware</strong> recommends for your SAN implementation. To use CHAP authentication, the <strong>ESXi</strong> host and<br />
the iSCSI storage system must have CHAP enabled and have common credentials.<br />
For information on enabling CHAP, see “Configuring CHAP Parameters for iSCSI Adapters,” on page 102.<br />
Access Control<br />
Access control is a policy set up on the iSCSI storage system. Most implementations support one or more of<br />
three types of access control:<br />
n By initiator name<br />
n By IP address<br />
n By the CHAP protocol<br />
Only initiators that meet all rules can access the iSCSI volume.<br />
Using only CHAP for access control can slow down rescans because the <strong>ESXi</strong> host can discover all targets, but<br />
then fails at the authentication step. iSCSI rescans work faster if the host discovers only the targets it can<br />
authenticate.<br />
Error Correction<br />
Chapter 10 Using <strong>ESXi</strong> with iSCSI SAN<br />
To protect the integrity of iSCSI headers and data, the iSCSI protocol defines error correction methods known<br />
as header digests and data digests.<br />
Both parameters are disabled by default, but you can enable them. These digests pertain to, respectively, the<br />
header and SCSI data being transferred between iSCSI initiators and targets, in both directions.<br />
Header and data digests check the end-to-end, noncryptographic data integrity beyond the integrity checks<br />
that other networking layers provide, such as TCP and Ethernet. They check the entire communication path,<br />
including all elements that can change the network-level traffic, such as routers, switches, and proxies.<br />
The existence and type of the digests are negotiated when an iSCSI connection is established. When the initiator<br />
and target agree on a digest configuration, this digest must be used for all traffic between them.<br />
Enabling header and data digests does require additional processing for both the initiator and the target and<br />
can affect throughput and CPU use performance.<br />
NOTE Systems that use Intel Nehalem processors offload the iSCSI digest calculations, thus reducing the impact<br />
on performance.<br />
For information on enabling header and data digests, see “Configuring Advanced Parameters for iSCSI,” on<br />
page 108.<br />
<strong>VMware</strong>, Inc. 75