Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
DSC
Images
Scripts
Source
README.md
azuredeploy.json
azuredeploy.parameters.json

README.md

Azure Stack Extended Storage (Connect to iSCSI Storage)

This template is intended for use in an Azure Stack environment.

The purpose of this template is to offer a solution to connect an Azure Stack VM to an on-premises iSCSI target enabling that VM to utilize off stamp storage hosted else where in your datacenter. This document covers using a Windows machine as the iSCSI target, you can of course also connect to SAN hosted iSCSI storage but that is not coverd in this document.

This template has been designed to setup up the infrastructure necessary on the Azure Stack side to connect to an iSCSI target. This includes a virtual machine that will act as the iSCSI Initiator along with its accompanying VNet, NSG, PIP and storage. After the template has been deployed two PowerShell scripts need to be run to complete the configuration. One script will be run on the on premise vm(target) and one will be run on the Azure Stack vm (Initiator). Once these are completed you will have on premise storage added to your Azure Stack vm.

Overview

This diagram shows a VM hosted on Azure Stack with an iSCSI mounted disk from a Windows Machine on premises (physical or virtual) allowing storage external to Azure Stack to be mounted inside you Azure Stack hosted VM over the iSCSI protocol

alt text

Requirements

  • An on premise machine (physical or virtual) running Windows Server 2016 Datacenter or Windows Server 2019 Datacenter
  • Required Azure Stack Marketplace items:
    • Windows Server 2016 Datacenter or Windows Server 2019 Datacenter (latest build recommended)
    • PowerShell DSC extension
    • Custom Script Extension
    • An existing virtual or physical machine. Ideally this machine will have two network adapters. This could also be another iSCSI target such as a SAN for instance.

Things to Consider

  • A Network Security Group is applied to the template Subnet. It is recommended to review this and make additional allowances as needed.
  • An RDP Deny rule is applied to the Tunnel NSG and will need to be set to allow if you intend to access the VMs via the Public IP address
  • This solution does not take into account DNS resolution
  • You should change your Chapusername and Chappassword. The Chappassword must be 12 to 16 characters in length.
  • This template is using a static IP address for the VM as the iSCSI connection uses the local address in the configuration
  • This template is using BYOL Windows License
  • You can also connect Linux based systems to the iSCSI targets here are some general steps https://help.ubuntu.com/lts/serverguide/iscsi-initiator.html

Optional

  • You can use your own Blob storage account and SAS token using the _artifactsLocation and _artifactsLocationSasToken parameters the ability to use your own storage blob with SAS token.
  • This template provides default values for VNet naming and IP addressing.
  • This configuration only has one iSCSI nic coming from the iSCSI client. We had tested a number of configurations to utilize seperate subnets and NICs however ran into issues with multiple gateways and trying to create a seperate storage subnet to isolate traffic and actually be truely redundant.
  • Be careful to keep these values within legal subnet and address ranges as deployment may fail.
  • The powershell DSC packages primary purpose is to check for pending reboots. This DSC can be customized further if needed. https://github.com/PowerShell/ComputerManagementDsc/

Resource Group Template (iSCSI Client)

This is the detailed diagram of the resources deployed from the template to create the iSCSI client you can use to connect to the iSCSI target. This template will deploy the VM and other resources, in addition it will run the prepare-iSCSIClient.ps1 and reboot the VM.

alt text

The Deployment process

Now we have an understanding of the architecture it is import to understand the deployment process. The resource group template will generate output which is meant to be the input for the next step as input. It is mainly focus on the server name and the Azure stack public IP address where the iSCSI traffic comes from. For this example lets say we want to deploy connect an Azure Stack VM to a vm hosted elsewhere in your datacenter. You would need to deploy the infrastructure template first. Then run the Create-iSCSITarget.ps1 using the IP address and server name outputs from the template as inout parameters for the script on the iSCSI target which can be a virtual machine or physical server. Next you would use the external IP address or adresses of the iSCSI Target server as inputs to run the Connect-toiSCSITarget.ps1 script.

alt text

Deployment Steps

  1. Deploy iSCSI client Infrastructure using azuredeploy.json
  2. Run Create-iSCSITarget.ps1 on the on premise server iSCSI target
  3. Run Connect-toiSCSITarget.ps1 on the on iSCSI client

Inputs for azuredeploy.json

Parameters default description
WindowsImageSKU 2019-Datacenter Please select the base Windows VM image
VMSize Standard_D2_v2 Please enter the VM size
VMName FileServer VM name
adminUsername storageadmin The name of the Administrator of the new VM
adminPassword The password for the Administrator account of the new VMs. Default value is subscription id
VNetName Storage The name of VNet. This will be used to label the resources
VNetAddressSpace 10.10.0.0/23 Address Space for VNet
VNetInternalSubnetName Internal VNet Internal Subnet Name
VNetInternalSubnetRange 10.10.1.0/24 Address Range for VNet Internal Subnet
InternalVNetIP 10.10.1.4 Static Address for the internal IP of the File Server.
_artifactsLocation
_artifactsLocationSasToken
  1. Once the template completes, you will need to run the Create-iSCSITarget.ps1 on the on premise server iSCSI target with the outputs from the first step
  2. You can then finally run the Connect-toiSCSITarget.ps1 on the on iSCSI client with the details of the iSCSI target

Adding iSCSI storage to existing VMs

You can also run the scripts on an existing Virtual Machine to connect from the iSCSI client to a iSCSI target. This flow is if you are creating the iSCSI target yourself. This diagram shows the execution flow of the PowerShell scripts. These scripts can be found in the Script directory

alt text

Prepare-iSCSIClient.ps1

This script installs the prerequistes on the iSCSI client, this includes;

  • installation of Multipath-IO services
  • setting the iSCSI initiator service startup to automatic
  • enabling support for multipath MPIO to iSCSI
  • Enable automatic claiming of all iSCSI volumes
  • Set the disk timeout to 60 seconds

It is important to reboot the system after installation of these prerequistes. The MPIO load balancing policy requires a reboot so that it can be set.

Create-iSCSITarget.ps1

This script is to be run on the system which is serving the storage. You can create multiple disks and tagerts restricted by initiators. You can run this script multiple times to create many virtual disks you can attach to different targets. You can connect mutli disks to one target.

Input default description
RemoteServer FileServer The name of the server connecting to the iSCSI Target
RemoteServerIPs 1.1.1.1 The IP Address the iSCSI traffic will be coming from
DiskFolder C:\iSCSIVirtualDisks The folder and drive where the virtual disks will be stored
DiskName DiskName The name of the disk VHDX file
DiskSize 5GB The VHDX disk size
TargetName RemoteTarget01 The target name used to define the target configuration for the iSCSI client.
ChapUsername username The username name for Chap authentication
ChapPassword userP@ssw0rd! The password name for Chap authentication. It must be 12 to 16 characters

Connect-toiSCSITarget.ps1

This is the final script which is run on the iSCSI client and mounts the disk presented by the iSCSI target to the iSCSI client.

Input default description
TargetiSCSIAddresses "2.2.2.2","2.2.2.3" The IP addresses of the iSCSI target
LocalIPAddresses "10.10.1.4" This is internal IP Address the iSCSI traffic will be coming from
LoadBalancePolicy C:\iSCSIVirtualDisks The IP Address the iSCSI traffic will be coming from
ChapUsername username The username name for Chap authentication
ChapPassword userP@ssw0rd! The password name for Chap authentication. It must be 12 to 16 characters

Walkthrough

A detailed walkthrough for some iSCSI storage examples can be found here. Including some help showing where to look at your iSCSI configuration and view iSCSI sessions and multipathing settings. https://github.com/lucidqdreams/azure-intelligent-edge-patterns/tree/master/storage-iSCSI/Source/Extending_Your_Storage_Using_iSCSI.docx?raw=true

You can’t perform that action at this time.