iSNS Server Overview
Applies To: Windows Server 2008
Internet Storage Name Service Server
The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients. iSNS clients are computers, also known as initiators, that are attempting to discover storage devices, also known as targets, on an Ethernet network. iSNS facilitates automated discovery, management, and configuration of iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP network.
The Microsoft iSNS Server only supports the discovery of iSCSI devices, and not Fibre Channel devices.
iSNS Server provides intelligent storage discovery and management services comparable to those found in Fibre Channel networks, allowing a commodity IP network to function in a capacity similar to that of a storage area network. iSNS facilitates a seamless integration of IP networks and manages iSCSI devices. iSNS thereby provides value in any storage network composed of iSCSI devices.
Features of iSNS Server
iSNS Server is a repository of currently active iSCSI nodes, as well as their associated portals, entities, etc.
Nodes can be initiators, targets, or management nodes.
Typically, initiators and targets register with the iSNS server, and the initiators query the iSNS server for the list of available targets.
A dynamic database of the iSCSI devices and related information that are currently available on the network: The database helps provide iSCSI target discovery functionality for the iSCSI initiators on the network. The database is kept dynamic by using the Registration Period and Entity Status Inquiry features of iSNS. Registration Period allows the server to automatically deregister stale entries. Entity Status Inquiry gives the server a function similar to ping for determining whether registered clients are still present on the network, and allows the server to automatically deregister clients that are no longer present.
State Change Notification Service: This allows registered clients to be made aware of changes to the database in the iSNS server. It allows the clients to maintain a dynamic picture of the iSCSI devices available on the network.
Discovery Domain Service: This allows an administrator to assign iSCSI nodes and portals into one or more groups called discovery domains. Discovery domains provide a zoning functionality by which an iSCSI initiator can only discover those iSCSI targets that have at least one discovery domain in common with it.
Benefits of iSNS Server in iSCSI Storage Area Networks
Easily scalable to large IP storage networks
Asynchronous notification of changes in the iSCSI storage network
Ability to monitor the status and availability of clients
Microsoft-preferred discovery method for iSCSI
Designed for Windows Logo Program requirement for iSCSI HBAs
iSNS Architectural Components
The following are the parts of
iSNS Protocol (iSNSP)
The iSNS Protocol (iSNSP) is a flexible and lightweight protocol that specifies how iSNS clients and servers communicate. It is suitable for various platforms, including switches and targets as well as server hosts.
The iSNS Protocol is a message-based protocol, with most operations utilizing a request and a corresponding response message which together form a single transaction.
Each protocol message consists of a header followed by a list of attributes. Typically, a source attribute (that is, the iSCSI name of the requesting node) is followed by one or more key attributes, and optionally by one or more operating attributes. A delimiter attribute separates the operating attributes from the key attributes.
All attributes are in tag-length-value (TLV) format
The length of all attribute values is padded to a multiple of four
All fields are in "big-endian" or network byte format
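A defensive parser for the message layout described above, as an added example that is not Microsoft's code. The 12-byte header layout, the 4-byte tag and length fields, tag numbers 0, 32 and 33, and function ID 0x0002 come from RFC 4171 rather than this page; the sample iSCSI name is constructed, and the parser assumes one complete PDU with no authentication block.

```python
import struct

# Layouts per RFC 4171 (not stated on this page); all fields big-endian.
HEADER = struct.Struct(">HHHHHH")  # version, function, PDU length, flags, xid, sequence
ATTR_HDR = struct.Struct(">II")    # tag, length
TAG_DELIMITER = 0                  # delimiter attribute
TAG_ISCSI_NAME = 32                # iSCSI Name attribute
FUNC_DEV_ATTR_QRY = 0x0002         # DevAttrQry function ID


def build_attr(tag: int, value: bytes = b"") -> bytes:
    """Encode one TLV, NUL-padding the value to a multiple of four bytes."""
    value += b"\x00" * (-len(value) % 4)
    return ATTR_HDR.pack(tag, len(value)) + value


def build_pdu(function_id: int, attrs: bytes, xid: int = 1) -> bytes:
    """Constructed sample PDU: version 1, flags and sequence left at 0."""
    return HEADER.pack(1, function_id, len(attrs), 0, xid, 0) + attrs


def parse_pdu(data: bytes):
    """Return (header dict, [(tag, value)]); raise ValueError if malformed."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    version, function, pdu_len, flags, xid, seq = HEADER.unpack_from(data)
    payload = data[HEADER.size:]
    if pdu_len != len(payload):
        raise ValueError("PDU length field does not match payload size")
    attrs, off = [], 0
    while off < len(payload):
        if len(payload) - off < ATTR_HDR.size:
            raise ValueError("truncated attribute header")
        tag, length = ATTR_HDR.unpack_from(payload, off)
        off += ATTR_HDR.size
        if length % 4:
            raise ValueError(f"tag {tag}: length {length} is not a multiple of 4")
        if length > len(payload) - off:
            raise ValueError(f"tag {tag}: length {length} overruns the PDU")
        attrs.append((tag, payload[off:off + length]))
        off += length
    return {"version": version, "function": function, "xid": xid}, attrs


def sample_query(name: bytes = b"iqn.1991-05.com.example:host1") -> bytes:
    """Constructed query: source, key, delimiter, one zero-length operating attribute."""
    attrs = (build_attr(TAG_ISCSI_NAME, name) + build_attr(TAG_ISCSI_NAME, name)
             + build_attr(TAG_DELIMITER) + build_attr(33))  # 33 = iSCSI Node Type
    return build_pdu(FUNC_DEV_ATTR_QRY, attrs)
```

Both length checks run before any value is sliced, so a length field that is misaligned or larger than the remaining payload is rejected instead of being trusted.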
iSNS clients initiate transactions with iSNS servers by using the iSNSP. iSNS clients are processes that are co-resident in the storage device, and can register device attribute information, download information about other registered clients in a common discovery domain (DD), and receive asynchronous notification of events that occur in their DDs. Management stations are a special type of iSNS client that have access to all DDs stored in the iSNS.
iSNS servers respond to iSNS protocol queries and requests, and initiate iSNS protocol state change notifications. Properly authenticated information submitted by a registration request is stored in an iSNS database.
The iSNS database is the information repository for iSNS servers. It maintains information about iSNS client attributes. A directory-enabled implementation of iSNS may store client attributes in a Lightweight Directory Access Protocol (LDAP) directory infrastructure.
iSCSI (Internet Small Computer System Interface) is an encapsulation of SCSI for a new generation of storage devices interconnected with TCP/IP.
iSNS Functional Overview
The following are the services provided by iSNS.
A name service providing storage resource discovery
Discovery domain and logon control services
State change notification
Open mapping of Fibre Channel and iSCSI devices
Name registration service
The iSNS provides a registration function to allow all entities in a storage network to register and query the iSNS database. Both targets and initiators can register in the iSNS database, as well as query for information about other initiators and targets. This allows, for example, a client initiator to obtain information about target devices from the iSNS server. This service is modeled on the Fibre Channel Generic Services Name Server described in Internet Engineering Task Force (IETF) request for comment (RFC) documents, with extensions, operating within the context of an IP network.
Discovery domain and logon control service
The discovery domain (DD) service facilitates the partitioning of storage nodes into manageable groupings for administrative and logon control purposes. It allows the administrator to limit the logon process of each host to the more appropriate subset of targets registered in the iSNS. This is important to reduce the number of unnecessary iSCSI logons, and to limit the time that the host spends initializing logon relationships as the size of the storage network increases. Storage nodes must be in at least one common enabled DD in order to obtain information about other storage nodes. Devices can be members of multiple DDs.
Logon control allows targets to delegate their access control or authorization policy to the iSNS server. This helps centralize management of those storage devices that are using the iSNS server. The target node or device downloads the list of authorized initiators from iSNS. Each node or device is uniquely identified by an iSCSI name (also known as iqn). Only initiators that match the required identification and authorization provided by the iSNS will be allowed access by that target node during session establishment.
Placing portals of a network entity into discovery domains allows administrators to indicate the preferred IP portal interface through which storage traffic should access specific storage nodes of that network entity. If no portals of a network entity have been placed into a DD, then queries scoped to that DD report all portals of that network entity. If one or more portals of a network entity have been placed into a DD, then queries scoped to that DD report only those portals that have been explicitly placed in the DD.
DDs can be managed offline by using a separate management computer that is using the iSNSP or SNMP. If the target uses the logon control feature of iSNS, the target delegates management of access control policy (the list of initiators allowed to log on to that target) to the management computers that control the configuration in the iSNS database.
If administratively authorized, a target can upload its own logon control list. This is accomplished using the DDReg message and listing the iSCSI name of each initiator to be registered in the target's DD.
An implementation might sort newly-registered devices that are not assigned to a DD into a default DD contained in a default discovery domain set (DDS) whose initial DDS Status value is enabled. This makes them visible to other devices in the default DD. Other implementations can interpret newly-registered devices as belonging to no DD, making the devices inaccessible to source-scoped iSNSP messages.
The iSNS server uses the source attribute of each iSNSP message to determine the originator of the request and scope the operation to a set of discovery domains. For example, only control nodes are authorized to create or delete discovery domains.
Valid and active discovery domains belong to at least one active DDS. Discovery domains that do not belong to an activated DDS are not enabled. The iSNS server maintains the state of DD membership for all storage nodes, even for those storage nodes that have been deregistered. DD membership is persistent regardless of whether a storage node is actively registered in the iSNS database.
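The discovery domain rules above, modelled as a visibility check (an added example, not Microsoft's implementation). The `Registry` class, its fields and the shortened node names are hypothetical; unassigned nodes are treated as belonging to no DD, and merging portals across several shared DDs is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class Registry:
    """Toy iSNS database; every name and structure here is hypothetical."""
    dd_nodes: dict = field(default_factory=dict)    # DD -> iSCSI names in it
    dd_portals: dict = field(default_factory=dict)  # DD -> portals explicitly placed in it
    dds_sets: dict = field(default_factory=dict)    # DDS -> (enabled, set of DDs)
    portals: dict = field(default_factory=dict)     # iSCSI name -> all portals of its entity

    def enabled_dds(self) -> set:
        """A DD is enabled only if it belongs to at least one enabled DDS."""
        return {dd for on, members in self.dds_sets.values() if on for dd in members}

    def discover(self, source: str) -> dict:
        """Map each node visible to `source` to the portals reported for it."""
        visible = {}
        for dd in self.enabled_dds():
            members = self.dd_nodes.get(dd, set())
            if source not in members:
                continue  # query is scoped to the source's own DDs
            for node in members - {source}:
                every = self.portals.get(node, set())
                placed = every & self.dd_portals.get(dd, set())
                # Portals placed in the DD restrict the answer; otherwise report all.
                visible.setdefault(node, set()).update(placed or every)
        return visible


def sample_registry() -> Registry:
    """Constructed data: 'prod' is enabled, 'lab' sits only in a disabled DDS."""
    return Registry(
        dd_nodes={"prod": {"iqn.host1", "iqn.tgt1", "iqn.tgt3"},
                  "lab": {"iqn.host1", "iqn.tgt2"}},
        dd_portals={"prod": {("10.0.0.11", 3260)}},
        dds_sets={"active": (True, {"prod"}), "staging": (False, {"lab"})},
        portals={"iqn.tgt1": {("10.0.0.11", 3260), ("192.168.5.11", 3260)},
                 "iqn.tgt2": {("10.0.0.12", 3260)},
                 "iqn.tgt3": {("10.0.0.13", 3260), ("192.168.5.13", 3260)}},
    )
```

In the sample, `iqn.host1` sees `iqn.tgt1` only through the portal placed in `prod`, sees every portal of `iqn.tgt3`, and does not see `iqn.tgt2` because `lab` belongs to no enabled DDS.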
State change notification service
The state change notification (SCN) service allows the iSNS Server to issue notifications about network events that affect the operational state of storage nodes. The iSNS client may register on behalf of its storage nodes for notification of events detected by the iSNS server. SCNs notify iSNS clients of changes to the iSNS database; they do not necessarily indicate the state of connectivity to peer storage devices in the network. The response of a storage device to receipt of an SCN is implementation-specific; the policy for responding to SCNs is outside of the scope of this module.
There are two types of SCN registrations: regular registrations and management registrations. Management registrations result in management SCNs, while regular registrations result in regular SCNs. The type of registration and SCN message is indicated in the SCN reply packet (typically a bitmap).
A regular SCN registration indicates that the discovery domain service is used to control the distribution of SCN messages. Receipt of regular SCNs is limited to the discovery domains in which the SCN-triggering event takes place. Regular SCNs do not contain information about discovery domains.
A management SCN registration can only be requested by control nodes. Management SCNs resulting from management registrations are not bound by the discovery domain service. Authorization to request management SCN registrations may be administratively controlled.
An iSNS server should be implemented with sufficient hardware and software resources needed to support the expected number of iSNS clients. However, if resources are unexpectedly exhausted, the iSNS server might refuse SCN service by returning an SCN Registration Rejected (status code 17) event message. The rejection can occur when the network size or current number of SCN registrations has passed an implementation-specific threshold. A client not allowed to register for SCNs can monitor its sessions with other storage devices directly.
The specific notification mechanism by which the iSNS server learns of the events that trigger SCNs is implementation-specific, but can include examples such as explicit notification messages from an iSNS client to the iSNS server, or a hardware interrupt to a switch-hosted iSNS server as a result of link failure.
iSNS usage model
The following is a high-level description of how each type of device in a storage network uses iSNS. Each type of device interacts with the iSNS server as an iSNS client, and must register itself in the iSNS database to access services provided by iSNS.
An iSCSI initiator queries the iSNS server to discover iSCSI target devices. It may also request state change notifications (SCNs) so that it can be notified of new targets on the network after initial startup and discovery. SCNs can also inform the iSCSI initiator of targets that have been removed or are no longer available in the storage network, so that incomplete storage sessions can be gracefully terminated and resources for non-existent targets can be reallocated.
An iSCSI target registers with the iSNS server so that iSCSI initiators can discover it. It may also register for SCNs to detect the addition or removal of initiators for resource allocation purposes. The iSCSI target device can also register for entity status inquiry (ESI) messages, which allow the iSNS server to monitor the target device's availability in the storage network.
A management station uses iSNS to monitor storage devices and enable or disable storage sessions by configuring discovery domains. A management station usually interacts with the iSNS server as a control node endowed with access to all iSNS database records and privileges to modify discovery domains. Through manipulation of discovery domains, the management station controls the scope of device discovery for iSNS clients querying the iSNS server.