Solved

Best way to provide iscsi storage to Hyper-V guests

Posted on 2011-09-09
Last Modified: 2013-11-14
I'm helping a company host application services for its clients.  Each client will have access to a set of Hyper-V guest servers in their own vlan.  Also, each client environment will need to access their own SQL databases and general file data, which could range from hundreds of gigs to several terabytes in size.  

For this SQL and file storage we have a Supermicro white box server with about 20TB of storage.  The plan we're considering is to install Server 2008R2 with MS iscsi target software 3.3 and create a virtual disk for each client to use as storage.

My questions are

- should the iscsi targets be mounted in the hyper-v host, and passed through to the guest vm, or is it better to run iscsi initiator from within the guest?

- is it ok to have vhd's up to several terabytes in size?

- given that each client will have its own vlan and IP subnet, would we need a separate physical nic for each vlan on the storage server?

Security will be a primary concern - clients should have no ability to see each other's networks, hosts or data.

This is pretty new territory for me so if I'm completely off base, or if there's a better way of doing things, by all means please let me know!

Thanks in advance
Question by:smocohiba
 
LVL 26

Assisted Solution

by:gtworek
gtworek earned 200 total points
ID: 36509605
- should the iscsi targets be mounted in the hyper-v host, and passed through to the guest vm, or is it better to run iscsi initiator from within the guest?

Giving client initiator access (maybe with dedicated adapter) gives you more flexibility. I.e. you can create VM Clusters (FCS) or easily migrate your storage from one server to another one.

- is it ok to have vhd's up to several terabytes in size?

Remember that dynamic and differential VHD are limited to 2TB.

- given that each client will have its own vlan and IP subnet, would we need a separate physical nic for each vlan on the storage server?

It actually depends on your hardware and drivers. If it works on one adapter it is ok.

Security will be a primary concern - clients should have no ability to see each other's networks, hosts or data
If it is your main concern you should remember that iSCSI itself is transmitted totally unencrypted and easy to intercept. You should encapsulate it into IPSec and/or encrypt your client disks with BitLocker - it also makes your transmission encrypted at the higher level.
 
LVL 42

Accepted Solution

by:kevinhsieh
kevinhsieh earned 300 total points
ID: 36525884
I would store VMs/VHDs less than 2 TB in size on a CSV per customer.  That at least logically separates customer data on a volume level. A customer also wouldn't be able to access data on another VHD unless you accidentally mapped the wrong VHD to a VM, which should be a little bit harder when you are reaching across CSV volumes.

If a VM needed more than the 2 TB that you can put on a VHD, I would look at passthrough disks. You can also use iSCSI from inside the VM, but you will then need to route the iSCSI traffic through a firewall/router that allows VM to SAN traffic but prevents VM to VM traffic, and you will need very strong access controls on the volumes such as IP address, CHAP, and initiator name to prevent a guest from being able to mount a volume that it shouldn't have access to.

You will need to compare that against the risk of accidentally assigning the wrong passthrough disk to a VM.

How to use passthrough disks on highly available VMs
http://social.technet.microsoft.com/wiki/contents/articles/440.aspx
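
The access controls named in the answer above (IP address, CHAP and initiator name) can be checked per tenant before a target goes live. This is an added example, not part of the original answers: the inventory layout, tenant names, subnets and IQNs are constructed for illustration, and the data would come from your own export of the target configuration.

```python
import ipaddress

# Constructed inventory: tenant VLAN subnets and iSCSI target ACLs (not from the thread).
TENANT_SUBNETS = {
    "clientA": ipaddress.ip_network("10.10.1.0/24"),
    "clientB": ipaddress.ip_network("10.10.2.0/24"),
}
TARGETS = [
    {"name": "tgt-clienta-sql", "tenant": "clientA", "chap": True,
     "initiators": [("iqn.1991-05.com.microsoft:a-sql01", "10.10.1.21")]},
    {"name": "tgt-clientb-files", "tenant": "clientB", "chap": False,
     "initiators": [("iqn.1991-05.com.microsoft:b-fs01", "10.10.2.30"),
                    ("*", "10.10.1.21")]},
]

def audit_targets(targets, subnets):
    """Return (target, finding) tuples for ACLs that weaken tenant isolation."""
    findings = []
    seen_iqn = {}  # initiator IQN -> tenant that first used it
    for t in targets:
        net = subnets[t["tenant"]]
        if not t["chap"]:
            findings.append((t["name"], "CHAP disabled"))
        if not t["initiators"]:
            findings.append((t["name"], "no initiator ACL"))
        for iqn, ip in t["initiators"]:
            if iqn in ("*", ""):
                # A wildcard name lets any initiator that reaches the target log in.
                findings.append((t["name"], "wildcard initiator name"))
            elif seen_iqn.setdefault(iqn, t["tenant"]) != t["tenant"]:
                findings.append((t["name"], f"IQN {iqn} shared across tenants"))
            if ipaddress.ip_address(ip) not in net:
                # An allowed address from another tenant's VLAN crosses the boundary.
                findings.append((t["name"], f"{ip} outside {t['tenant']} subnet {net}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_targets(TARGETS, TENANT_SUBNETS):
        print(f"{name}: {finding}")
```
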
 

Author Comment

by:smocohiba
ID: 36526715
Thanks for the replies so far - great info!  For iSCSI I think we're starting to lean towards going with Starwind's free product rather than MS iSCSI target software - it seems to offer more robust features out of the box.  Is there anything I should be wary of with Starwind?

@kevinhsieh - I'm looking into setting up CSV from this page http://blogs.msdn.com/b/clustering/archive/2009/02/19/9433146.aspx.  Step 3 describes creating CSV disks by adding available storage to the CSVs.  What constitutes the available storage - physical partitions on the local disk?  Also, is it possible to map more than one CSV (containing a vhd) to a VM, effectively creating additional drives?

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36526873
Available storage is the iSCSI volume(s) that you have attached to each host through the iSCSI control panel. I usually attach a new volume to a single host, initialize it and put a single partition on it, and then format it (usually 64K if it is storing VHDs). I then attach the other cluster nodes to it. It should then appear as available storage in the cluster manager.

While you can assign VHDs from different CSV to a single VM, you have to think about why you would do that instead of assigning multiple VHDs on the SAME CSV. There are reasons to do so, but that adds a layer of complexity that might not be required.

When working with VMs, there is basically no good reason for partitioning a VHD. If you need additional volumes in the VM, use more VHDs instead. The reasons for partitioning a physical disk don't exist for virtual disks, and you end up down the road wanting to expand a partition that is being blocked by another partition on the same VHD, and then there are all sorts of gyrations you need to go through to make it work. If you have just a single partition on a VHD, expanding it is straightforward.
 

Author Comment

by:smocohiba
ID: 36561278
Sorry for the late response! Thanks for the clarification kevinhsieh - I think I'm starting to wrap my mind around the concept.  I'm going to try this out in test environment this week, but I'm optimistic this will work well for our needs!
