The iSNS Technology (Overview)
The Internet Storage Name Service (iSNS) is a protocol that allows dynamic discovery
of iSCSI initiators and targets within an IP storage area network SAN.
The iSNS protocol enables identification, connection to, and management of iSCSI devices by
providing the following services:
Name registration and discovery: The source of data that is to be stored (known as the initiator) and the storage object (known as the target) register their attributes and address, and then can obtain information about accessible storage devices dynamically.
Discovery domains and logon control: Resources in a typical storage network are divided into groups called discovery domains, which can be administered through network management applications. Discovery domains enhance security by providing access control to targets that are not enabled with their own access controls, while limiting the logon process of each initiator to a relevant subset of the available targets in the network.
State-change notification: The iSNS server notifies relevant iSNS clients of network events, for example, a newly created disk Logical Unit Number (LUN), storage resources going offline, discovery domain membership changes and link failures in a network. These notifications let a network quickly adapt to changes in topology, which is key to scalability and availability. This is an optional service.
Entity status inquiry: The iSNS server verifies that a iSNS client is available. As a result, a status change notification might be issued. This is an optional service.
In a simple configuration, the source of data that is to be
stored (the initiator) exchanges data with a storage object (the target). The initiator
can locate the target and the target always recognizes the initiator. For example,
the Sun StorageTekTM 5320 Network Attached Storage (NAS) appliance is a iSCSI
target because it stores data. The data comes from various iSCSI clients such
as a data management applications or network interface cards which act as initiators. However,
in large and complex configurations, it is difficult and time-consuming to configure every
initiator for every target and for every target to recognize every initiator. The
iSNS server resolves this by using discovery and security mechanisms to dynamically and
automatically identify initiators and targets, and manage their connections to authorized resources.
After a Solaris system has been configured as an iSNS server, all targets
and initiators can register with the server. The targets and initiators become iSCSI
clients or nodes of the iSNS server. These clients are members of the
default discovery domain, the only domain in the default discovery domain set. When you enable the default
discovery domain set, the iSNS server can provide the iSCSI Name Service (iSNS)
for the clients in a simple manner.
To take advantage of the iSCSI Name Service's abilities, create several discovery domain
sets and discovery domains. Then assign the clients to different domains, overlapping their
memberships. The iSNS server keeps track of the clients' status as a member
of one or more discovery domains. For example, when a new storage device
is added to the storage network and is registered with the iSNS server,
it is in the default discovery domain in the default discovery domain set.
You then assign this target to the discovery domains whose initiators will use
it as a resource. The iSNS server then removes this target as a
member of the default discovery domain in the default discovery domain set.
All initiators and targets are assigned to at least one discovery domain. Assigning
an initiator to one discovery domain restricts its access to those targets in
the same discovery domain set. Assigning an initiator to several discovery domains allows
it to find and use targets in all of the discovery domain sets
that include the initiator's discovery domain. You can manage access to clients by
disabling and enabling their discovery domain sets without affecting the clients in other
discovery domain sets.
For example, a site has two discovery domain sets in addition to
the default one: Production and Research. Within the two discovery domain sets are three
domains in addition to the default one: Development, Operations, and Finance. The Development
discovery domain is in the Research discovery domain set, Operations is in the
Production domain set, and Finance is a member of both discovery domain sets.
Each client has been assigned to the discovery domain set that uses it
the most. A data application in the Operations discovery domain can locate and
get access to storage devices in the Production discovery domain set because it
is a member of that discovery domain set but it cannot get access
to a storage device in the Research discovery domain set. A data application
in the Finance discovery domain can locate storage devices in both the Production
and Research discovery domain sets because it is a member of both sets.
If the Research discovery domain set were disabled, initiators in the Finance discovery
domain would not have access to the Research storage devices but would continue
to have access to those in the Production discovery domain set.