Small Computer System Interface (SCSI) technology for I/O buses in Unix
and PC servers.
The SCSI protocol defines how the devices communicate with each other via
the SCSI bus.
It specifies how the devices reserve the SCSI bus and in which format data
The SCSI protocol introduces SCSI IDs (also called target ID or just ID)
and Logical Unit Numbers (LUNs) for the addressing of devices.
The server can be equipped with many SCSI controllers.
The operating system must note three things for the differentiation of
devices – controller ID, SCSI ID and LUN.
Devices (servers and storage devices) must reserve the SCSI bus
(arbitrate) before they may send data through it.
During the arbitration of the bus, the device that has the highest priority
SCSI ID always wins.
Lower priorities never being allowed to send data if higher priority bus is
SCSI devices are connected in the form of a daisy chain.
The SCSI I/O Channel
SCSI is the dominant protocol
used to communicate between
servers and storage devices
in open system
SCSI I/O channel is a
half-duplex pipe for
SCSI CDBs and data
Parallel bus evolution
Bus width: 8, 16 bits
Bus speed: 5–80 MHz
Throughput: 5–320 MBps
Devices/bus: 2–16 devices
Cable length: 1.5m–25m
A network approach can scale
the I/O channel in many areas
(length, devices, speed)
SCSI CDB: SCSI Command Descriptor Block Used to Relay
SCSI Commands, Parameters, and Status between SCSI
Initiators and SCSI Targets; Typically 6, 10, or 12 Byte Block
SCSI and Storage Network
SCSI is suitable for the deployment of storage networks only to a limited degree.
A SCSI daisy chain can connect only a few devices with each other.
Although it is theoretically possible to connect several servers to a SCSI
bus, this does not work very well in practice.
The maximum lengths of SCSI buses greatly limit the construction of
storage networks. Large disk subsystems have over 30 connection ports
for SCSI cables
The length of SCSI buses can be extended with so-called link extenders, but the
use of a large number of link extenders is unwieldy.
SCSI has the advantage that the transition from SCSI cables to storage networks
remains hidden from applications and higher layers.
IP Based Storage
IP storage is an approach to build storage networks upon TCP, IP and
Three protocols are available for transmitting storage data traffic over
- Internet FCP (iFCP)
- Fibre Channel over IP (FCIP)
The basic idea behind iSCSI is to transmit the SCSI protocol over TCP/IP
iSCSI thus takes a similar approach to Fibre Channel SAN, the difference
being that in iSCSI a TCP/IP/Ethernet connection replaces the SCSI cable
What is iSCSI?
A SCSI transport protocol that operates over TCP/IP
Encapsulates SCSI CDBs (operational commands: e.g. read
or write) and data into TCP/IP byte streams
Allows IP hosts to access IP-based SCSI targets (either
natively or via iSCSI to FC Gateways)
RFC 3720 on iSCSI
Collection of RFCs describing iSCSI
RFC 3347—iSCSI Requirements
RFC 3721—iSCSI Naming and Discovery
RFC 3723—iSCSI Security
iSCSI refers to Internet Small Computer System Interface
Enable location-independent data storage and retrieval.
The protocol allows clients (called initiators) to send SCSI commands (CDBs)
to SCSI storage devices (targets) on remote servers.
It is a storage area network (SAN) protocol, allowing organizations to
consolidate storage into data center storage arrays while providing hosts
the illusion of locally attached disks.
Unlike traditional Fibre Channel, which requires special-purpose cabling,
iSCSI can be run over long distances using existing network
iSCSI is often seen as a low-cost alternative to Fibre Channel, which
requires dedicated infrastructure except in its FCoE (Fibre Channel over
iSCSI is a mapping of SCSI-3 to TCP, as a “SCSI transport”.
It behaves as a Serial SCSI transporter transferring SCSI packets
(commands, data, status and control messages) over a TCP stream.
The idea is extremely simple: use existing building blocks (SCSI, TCP) to
implement another service.
Upper Functional Layers (e.g. SSL)
Lower Functional Layers (e.g. IPSec)
IP Storage Networking
IP storage networking provides a solution to carry
storage traffic within IP
Uses TCP: a reliable transport for delivery
Applicable to local data center and long-haul applications
Two primary protocols:
iSCSI—Internet-SCSI—used to transport SCSI CDBs and data
within TCP/IP connections
FCIP—Fibre-Channel-over-IP—used to transport Fibre Channel frames within
TCP/IP connections—any FC frame—not just SCSI
Objective of iSCSI SAN
iSCSI SANs often have one of two objectives:
Organizations move disparate storage resources from servers around their
network to central locations, often in data centers; this allows for more
efficiency in the allocation of storage.
Organizations mirror storage resources from one data center to a remote data
center, which can serve as a hot standby in the event of a prolonged outage.
In particular, iSCSI SANs allow entire disk arrays to be migrated across a
WAN with minimal configuration changes.
For Storage Consolidation
IP access to open
systems iSCSI and
Fibre Channel storage
iSCSI driver is loaded onto
hosts on Ethernet network
Able to consolidate servers
via iSCSI onto existing
Storage assigned on a LUN-by-LUN basis at iSCSI router
Logical Unit Number (LUN): A Field within SCSI
Containing up to 64 Bits that Identifies the Logically
Addressable Unit within a Target SCSI Device
Able to build Ethernet-based
SANs using iSCSI arrays
FC HBA-Attached Host
Point-to-point direct connections
Dedicated storage LAN, consisting of one or more LAN
Shared LAN, carrying a mix of traditional LAN traffic plus
LAN-to-WAN extension using IP routers or carrier-provided "IP
Private networks and the public Internet
The following applications for
iSCSI are contemplated:
Local storage access, consolidation, clustering and pooling (as
in the data center)
Client access to remote storage e.g. a "storage service
Local and remote synchronous and asynchronous mirroring
between storage controllers
Local and remote backup and recovery
iSCSI and SCSI
The iSCSI protocol MUST NOT require changes to the SCSI-3
command sets and SCSI client code except to reflect lengthier
iSCSI target names and potentially lengthier timeouts.
All SCSI device types SHOULD be supported, but iSCSI's main
interest is disk and tape controllers.
The iSCSI protocol MUST reliably transport SCSI commands
from the initiator to the target.
SCSI command protocol
SCSI standards also include an extensive set of command definitions
There are 4 categories of SCSI commands:
W (writing data from initiator to target)
R (reading data)
There are about 60 different SCSI commands in total
Commands are sent in a CDB of 6, 10, 12 or 16 bytes; later versions
also allow variable-length CDBs.
A CDB contains a one-byte Operation Code followed by some command-specific
parameters; the parameter length varies from one command to another.
Test unit ready: Queries device to see if it is ready for data transfers
Inquiry: Returns basic device information.
Request sense: Returns any error codes from the previous command that returned an
Send diagnostic and Receive diagnostic results: runs a simple self-test
Start/Stop unit: Spins disks up and down, or loads/unloads media (CD, tape, etc.).
Read capacity: Returns storage capacity.
Format unit: Prepares a storage medium for use. In a disk, a low level format will occur.
Some tape drives will erase the tape in response to this command.
Read (four variants): Reads data from a device.
Write (four variants): Writes data to a device.
Log sense: Returns current information from log pages.
Mode sense: Returns current device parameters from mode pages.
Mode select: Sets device parameters in a mode page.
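Added example (not from the original slides): a Python parser that derives the CDB length from the group code in the top three bits of the operation code, validates it, and decodes the LBA and transfer length for READ and WRITE. It handles fixed-length CDBs only; the `MODIFYING` set and the sample bytes are constructed for illustration.

```python
import struct

# CDB length by group code (top 3 bits of the operation code).
GROUP_LEN = {0: 6, 1: 10, 2: 10, 4: 16, 5: 12}

# Operation codes for some of the commands listed above.
NAMES = {
    0x00: "TEST UNIT READY", 0x03: "REQUEST SENSE", 0x04: "FORMAT UNIT",
    0x08: "READ(6)", 0x0A: "WRITE(6)", 0x12: "INQUIRY",
    0x15: "MODE SELECT(6)", 0x1A: "MODE SENSE(6)", 0x1B: "START STOP UNIT",
    0x25: "READ CAPACITY(10)", 0x28: "READ(10)", 0x2A: "WRITE(10)",
    0x4D: "LOG SENSE", 0x88: "READ(16)", 0x8A: "WRITE(16)",
    0xA8: "READ(12)", 0xAA: "WRITE(12)",
}
# Commands that change stored data or device parameters; worth flagging in an audit log.
MODIFYING = {0x04, 0x0A, 0x15, 0x2A, 0x8A, 0xAA}


def parse_cdb(cdb: bytes) -> dict:
    """Validate a fixed-length CDB and decode LBA/length for READ and WRITE."""
    if not cdb:
        raise ValueError("empty CDB")
    op = cdb[0]
    expected = GROUP_LEN.get(op >> 5)
    if expected is None:
        raise ValueError(f"opcode {op:#04x}: variable-length, reserved or vendor-specific group")
    if len(cdb) != expected:
        raise ValueError(f"opcode {op:#04x}: expected {expected} bytes, got {len(cdb)}")
    out = {"opcode": op, "name": NAMES.get(op, "UNKNOWN"),
           "length": expected, "modifies": op in MODIFYING}
    if op in (0x08, 0x0A):      # 21-bit LBA, 1-byte length (0 means 256 blocks)
        out["lba"] = int.from_bytes(cdb[1:4], "big") & 0x1FFFFF
        out["blocks"] = cdb[4] or 256
    elif op in (0x28, 0x2A):    # 32-bit LBA, 16-bit length
        out["lba"], out["blocks"] = struct.unpack(">IxH", cdb[2:9])
    elif op in (0xA8, 0xAA):    # 32-bit LBA, 32-bit length
        out["lba"], out["blocks"] = struct.unpack(">II", cdb[2:10])
    elif op in (0x88, 0x8A):    # 64-bit LBA, 32-bit length
        out["lba"], out["blocks"] = struct.unpack(">QI", cdb[2:14])
    return out


# Constructed sample: READ(10) of 8 blocks starting at LBA 0x1000.
SAMPLE_READ10 = bytes.fromhex("28 00 00 00 10 00 00 00 08 00")
```

A truncated or padded CDB raises `ValueError` instead of being decoded, which is the behaviour a monitoring or gateway component wants before acting on the command.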
The iSCSI target (also known as the iSCSI server) is responsible for exporting a block
The iSCSI initiator (the iSCSI client) is responsible for importing that block
device, formatting it and making use of it.
The LUN is the only part that is exported; changes are made to that
LUN, and they are automatically applied on the target machine.
We can have multiple targets and security can be implemented on these
ISCSI Target (server)
Dedicated network-connected hard disk storage device
Exports a storage device as a LUN. The backing device could be a disk,
disk partition, LVM, RAID or file.
Uses the iSCSI protocol, which works over Ethernet
How does it provide security?
IP/Network based Access
CHAP based initiator authentication
CHAP target authentication (Bidirectional,
initiator authenticates target)
The client application used to connect to the iSCSI server
Send SCSI commands over the IP
Generic tasks involved:
Discover targets at a given IP
Login, must use a node record id found by the discovery
Naming and Addressing
All iSCSI initiators and targets are named.
Each target or initiator is known by an iSCSI Name.
The iSCSI Name is independent of the location of
the initiator and target
A target also provides a default name called "iSCSI".
This is not a globally unique name. An initiator can
log into this default target name, and use a
command called "SendTargets" to retrieve a list of
iSCSI targets that exist at that address.
iSCSI uses TCP (typically TCP ports 860 & 3260) for the
protocol itself with higher level names used to address the
objects within the protocol.
Special name refers to both iSCSI
iSCSI provides 3 name formats
- iSCSI Qualified Name (IQN)
- Extended Unique Identifier (EUI)
- T11 Network Address Authority (NAA)
Standard internet lookup services SHOULD be used to resolve
names. For example, Domain Name Services (DNS) MAY be
used to resolve the <hostname> portion of the URL to one or
multiple IP addresses.
When a hostname resolves to multiple addresses, these
addresses should be equivalent for functional (possibly not
performance) purposes. This means that the addresses can be
used interchangeably as long as performance isn’t a concern.
For example, the same set of SCSI targets MUST be
accessible from each of these addresses.
An iSCSI address is specified as a URL, such as:
The <port> in the address is optional; it specifies the TCP port
on which the target is listening for connections.
If <port> is not specified, a default port, to be assigned by
IANA, will be assumed.
iSCSI initiators can locate appropriate storage resources using the
Internet Storage Name Service (iSNS) protocol.
In theory, iSNS provides iSCSI SANs with the same management model
as dedicated Fibre Channel SANs.
In practice, administrators can satisfy many deployment goals for iSCSI
without using iSNS.
Authentication: iSCSI initiators and targets prove their identity to each other using the CHAP
protocol, which includes a mechanism to prevent cleartext passwords from appearing on the
Logical Network Isolation: To ensure that only valid initiators connect to storage arrays,
administrators most commonly run iSCSI only over logically isolated backchannel networks.
Physical Network Isolation: In order to further differentiate iSCSI from the regular network and
prevent cabling mistakes when changing connections, administrators may implement self-defined color-coding and labeling standards
Authorization: iSCSI storage arrays explicitly map initiators to specific target LUNs; an initiator
authenticates not to the storage array, but to the specific storage asset it intends to use
Confidentiality and Integrity: iSCSI operates as a cleartext protocol that provides no
cryptographic protection for data in motion during SCSI transactions. IP-based security
protocols, such as IPsec, provide standards-based cryptographic protection to this traffic.
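Added example (not from the original slides): a Python simulation of the bidirectional CHAP exchange described under Authentication, using the MD5 form of CHAP, with the minimum secret length and the reflected-challenge check that RFC 3720 asks implementations to enforce. The function names, the configuration keys and the secrets used to exercise it are hypothetical.

```python
import hashlib
import hmac
import os

MIN_SECRET_LEN = 12  # bytes (96 bits); RFC 3720 minimum unless IPsec protects the login


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (CHAP_A=5): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def answer(secret: bytes, identifier: int, challenge: bytes) -> bytes:
    """Responding side: refuse weak secrets, otherwise compute CHAP_R."""
    if len(secret) < MIN_SECRET_LEN:
        raise ValueError("CHAP secret shorter than 96 bits")
    return chap_response(identifier, secret, challenge)


def verify(secret: bytes, identifier: int, challenge: bytes, response: bytes) -> bool:
    """Challenging side: recompute CHAP_R and compare in constant time."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def mutual_login(i_cfg: dict, t_cfg: dict, t_chal: bytes = None, i_chal: bytes = None) -> dict:
    """Simulate bidirectional CHAP. Each cfg is one side's configured view of
    'initiator_secret' and 'target_secret' (hypothetical key names)."""
    t_chal = t_chal or os.urandom(16)
    i_chal = i_chal or os.urandom(16)
    t_id, i_id = os.urandom(1)[0], os.urandom(1)[0]
    # Target -> initiator: CHAP_I, CHAP_C. Initiator -> target: CHAP_R plus its own CHAP_I, CHAP_C.
    r_i = answer(i_cfg["initiator_secret"], t_id, t_chal)
    # The target must not answer a challenge that merely echoes its own.
    if hmac.compare_digest(i_chal, t_chal):
        raise ValueError("reflected challenge: close the connection")
    target_ok = verify(t_cfg["initiator_secret"], t_id, t_chal, r_i)
    # Target -> initiator: CHAP_R, sent only after the initiator has been verified.
    r_t = answer(t_cfg["target_secret"], i_id, i_chal) if target_ok else b""
    initiator_ok = target_ok and verify(i_cfg["target_secret"], i_id, i_chal, r_t)
    return {"wire": [t_chal, r_i, i_chal, r_t],
            "target_accepts": target_ok, "initiator_accepts": initiator_ok}
```

Only challenges and digests appear in `wire`; the secrets never do, but the payload that follows login is still cleartext unless IPsec is used, as the Confidentiality and Integrity point says.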
While using TCP as a SCSI transport layer might look
straightforward, there are challenges resulting from the different
environments of traditional SCSI and TCP.
SCSI was developed for reliable, low-delay environments.
Taking SCSI to the WAN introduces unreliable environment of
Those different environments result in changes applied to
the SCSI protocol