We have 4 DELL 2950´s each equipped with 2 intel e1000 dualport nics, actually using the software iSCSI initiator. All running ESX 3.0.2 (latest patches). SAN is Equallogic (SW 3.2).
First question:
We just bought 4 new qlogic dualport iSCSI HBA´s. These are the new 4062 PCIe ones which are at this time not included as driver in esx 3.0.2, but will be included in ESX 3.5. The cards are already installed to the systems even they are naturally not yet recognized by esx (installed os is esx 3.0.2 with latest patches). Now soon esx 3.5 will be available and the 4062 will be supported (i hope so...). Now I am curious: Is it safe to just shutdown all vm´s on one esx server, powercycle, enter HBA Bios, connect the iSCSI Target, boot up and everything is fine? Or should I first disconnect the volumes from the iSCSI software initiator, reboot and then connect the target in the hba´s bios? Any suggestions here to do all this SAFE? Remember three other ESX Servers with software initiator will USE the SAN at this time (will be changed to "iSCSI Hardware mode" later.
Second question:
At this time I gave the equallogic a very simple access rule for all the esx machines. A special subnet dedicated to the esx Servers. Now I want to increase security and add a chap secret in addition to the ip subnet rule. Any suggestions how to do this smoothly with the EQL and the 4 ESX Servers. A Thought: Add the chap rule in the EQL as ADDITIONAL rule (don´t include it in the very first ip rule), then shutdown the vm´s on one esx, add the chap secret to the iSCSI config, shutdown, remove first ip rule from EQL, Boot ESX. Comments on this?
best regards
Joerg
