VMware Cloud Community
Feltrek
Contributor
Contributor

iSCSI - Add Service Console Port Group | SW iSCSI Initiator

Greetings,

I have been recently attaching a few of my ESX 3 servers to NFS using iSCSI. My concern arrives when I am prompted to install Service Console Port on the NFS network for the sw iSCSI Initiator to work. Installing a service console port will violate security policies we have in place. This prompt occurs will adding iSCSI storage to the ESX Server. See uploaded image: Is the Service Console Port on the VMkernal IP storage network port critical from running Guests off of network storage?

If we opt to not install a Service Console port on the NFS network how would this negatively effect our VM Infrastructure?

What is the purpose of the sw iSCSI Initiator?

I still can attach to the NAS, run VM Guests of the NA, and utilize VM motion without a Service Console Port on the NFS network.

Thanks in advnce for any input,

Feltrek

Reply
0 Kudos
3 Replies
bhadzik
Enthusiast
Enthusiast

Feltrek,

This has to due with the fact that the initial scan of the iscsi target needs to be done with a service console instead of vmkernel. If you normal service console can route to that network, you don't need to add an additional service console. However if they are isolated, then the additional service console is neccessary to scan the iscsi target. Then the vmkernel kicks in to actually connect and pass data.

Also, i believe you are confusing iscsi and nfs. Those are two seperate communication methods that do not rely on each other. If you are using nfs, you do not need to configure iscsi, and vice versa.

ctfoster
Expert
Expert

The recommendation is to run iSCSI on an isolated switched segment not shared with user traffic. Therefore exposing a user console is not normally an issue. You need a console device on this network for the initial scan and CHAP authentication. However if you are concerned about the security you can create a console interface without exposing a CLI.

http://communities.vmware.com/message/854165

Feltrek
Contributor
Contributor

Thank You!

Both of your answers were really helpful in developming our strategy.

Thanks,

Feltrek

Reply
0 Kudos