iSCSI for TL-Series Tape LibrariesiSCSI SAN SOLUTIONSTo complement the Dell PowerVault MD3000i and Dell EqualLogic & EMC line of iSCSI inter-face disk storage systems, Dell has introduced an iSCSI-to-SAS Bridge Card for the DellPowerVault TL2000 & TL4000 tape libraries. This card, when inserted into a TL-Series tapelibrary, acts as an iSCSI target and provides SAS connectivity for LTO4, LTO4HH andLTO3HH tape drives.Best Practices: Oversubscription of the network switches can lead to many of the“performance” concerns often voiced about iSCSI networks. Using a dedicated, switched 1GbEswitch such as the Dell PowerConnect 62XX or 54XX for iSCSI traffic is recommended. Shouldthis prove unfeasible, deploying a PowerConnect 54XX iSCSI-optimized switch for combinedtraffic is recommended. It will detect iSCSI traffic and raise its Level of Service – in essence,providing more bandwidth to the iSCSI traffic.Best Practices: In most applications, exposing an iSCSI SAN to the internet can result in asecurity vulnerability and should be avoided if possible. While iSCSI does have some securityfeatures integrated into its specification (e.g., CHAP), it is typically a user-selectable featureand is not as robust as some other systems. Additionally, unless IPsec is implemented andenabled, data in-flight is transmitted “in the clear.” Use of private, dedicated networks isstrongly encouraged.SECTION 3STEP-BY-STEP SETUPServers connected to the iSCSI SAN will require an iSCSI initiator. Since most servers areWindows-based, Microsoft’s iSCSI Initiator is a cost effective solution, available as a freedownload: http://www.microsoft.com/downloads/details.aspx?FamilyID=12cb3c1a-15d6-4585-b385-befd1319f825&DisplayLang=en. Once installed, the set-up and use is straight-forward.Figure 1 : Microsoft’s iSCSI InitiatorThe important consideration on this screen is the use of CHAP (Challenge Handshake Authen-tication Protocol). This is the main security apparatus in iSCSI. If your iSCSI SAN is visible tothe external internet, it is highly recommended to enable this feature. Even with the availabilityof CHAP, it is still recommended to keep the iSCSI SAN private and not visible to the outsideworld.SECTION 45SEPTEMBER 2008