Jul 02 2020 02/07/2020 02/07/2020 by Pablo Villaronga

How-to connect an iSCSI SAN to a Hyper-V guest VM as a passthrough disk

Posted in , ,

How-to connect an iSCSI SAN to a Hyper-V guest VM as a passthrough disk

By Michael Z 

My business has a legal requirement to keep old case files for 7
years. However, keeping 7 TB of files on production servers takes up
storage capacity and increases backup times for data that is rarely
accessed. I have an old iSCSI SAN made by Infortrend (Taiwanese white
box manufacturer) that will be a storage destination for these archived
case files.

** Disclaimer: ** There are many out there who would
suggest NOT using pass-through disks but instead connect the storage as a
VHDX file to the virtual machine. I had a limitation that I did not
have a location to move 7 TB of data temporarily to setup the iSCSI in
the Hyper-V host.

10 Steps total

Step 1: Hardware

The Hyper-v 2012 R2 hypervisor is a single host running
on an HP Proliant DL385p Generation 8 server. With 64 GB of RAM and 12
TB of usable direct attached storage, it hosts several Windows Server
2012 R2 virtual machines with various roles. It has a 4-port network
adapter, (HP Ethernet 1Gb 4-port 331FLR Adapter), which is based on a
Broadcom chipset. I will dedicate network adapter port #4 to the iSCSI
network.

The iSCSI SAN has 12 drive bays with 2 TB drives in each drive bay. I
configured it as a RAID 10, so I get about 11176 GB usable.
Previously, this device was connected to an older Windwows 2003 R2
server and has data that I do not want to delete, so the existing
partitions and LUNs will remain intact.

Step 2: Networking

I am using Active Directory with Group Policy to manage
security and firewall settings. I will show some of the group policy
objects I created in later steps.

This iSCSI SAN model has 2 network adapters for MPIO (Multipath IO),
but I will only be using 1 for this project. I have configured an iSCSI
SAN network adapter to have a static IP address 10.0.0.10 with netmask
255.255.255.0.

I will cheat a bit by not using a switch between these devices.
Instead, I will run a direct ethernet cable between the iSCSI SAN
network adapter directly to the Hyper-V host network adapter port #4.

On the Hyper-V host, I will modify the network adapter port #4 to be static IP address = 10.0.0.111.

Open remote desktop to the Hyper-V host.

Select option “8) Network Settings”

From the list of Available Network Adapters, select Network Adapter Index#

Select “1) Set Network Adapter Address”

Select “(S)tatic IP”

Enter Static IP address: 10.0.0.111

enter subnet mask: 255.255.255.0

enter default gateway: <blank>

Step 3: Verify networking

In order to check that the two devices are communicating,
I wanted to use the ping command. But how do I select a specific
network interface to ping on?

I look at the help for ping command

ping /?

From the options, I see the switch -S (capital S)

-S srcaddr Source address to use.

Therefore, on the Hyper-V host, I will type the following:

ping -S 10.0.0.111 10.0.0.10

Result

Pinging 10.0.0.10 from 10.0.0.111 with 32 bytes of data:

Reply from 10.0.0.10: bytes=32 time=2ms TTL=64

Reply from 10.0.0.10: bytes=32 time=2ms TTL=64

Reply from 10.0.0.10: bytes=32 time=1ms TTL=64

Reply from 10.0.0.10: bytes=32 time=2ms TTL=64

Ping statistics for 10.0.0.10:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 2ms, Average = 1ms

This is good! I have network connectivity between the iSCSI SAN and the Hyper-V host

Step 4: iSCSI – part 1

As I am not changing any configuration on the iSCSI SAN, I
need to record the CHAP authentication name and target secret/password
for use with the Hyper-V iSCSI initiator control panel

On the Hyper-V host, open powershell session

start powershell

A software iSCSI initiator is installed by default on Windows Server
2012 and Hyper-V Server 2012 as the MSiSCSI service. However, the
MSiSCSI service isn’t set to automatically startup, so we can start the
MSiSCSI service with the following PowerShell command lines:

Set-Service –Name MSiSCSI –StartupType Automatic

Start-Service MSiSCSI

After running the above cmdlets, you can check on the status of the MSiSCSI service with the following command line:

Get-Service –Name MSiSCSI

You can also use group policy to accomplish this. See the Techrepublic.com article in references.

Step 5: Group Policy firewall settings

I need to make sure that the Windows Firewall allows
traffic for iSCSI, Hyper-V Management and Remote Volume Management. I
will use group policy to enforce these settings.

Open Group Policy Management

Expand tree to the Group Policy Objects branch

Right click and select “New”

I name it “Firewall Hyper-V 2012 R2” and chose “(none)” for the Source Starter GPO.

Click “OK”

In the same branch, locate the new group policy object, right click
and select “Edit”. A new window appears “Group Policy Management Editor”

In left pane, right click on the title and select “Properties”

As this policy will apply only to a server, I click “Disable User Configuration settings”

I like to change the comments as soon as I create a new policy.
When troubleshooting errors appearing in the Event viewer, the comment
is a text file that is in the same folder as the group policy object. So
it saves you from tracking down some horribly long unique name to match
with a group policy someone else created 3 years ago.

Click the “Comment” tab

I put in today’s date and a comment, e.g. “20171009 – Allow FW Hyper-V mgmt, iSCSI, Remote Vol. mgmt”

Click “OK” button

Expand to the following level

Computer Configuration >

Policies >

Windows Settings >

Security Settings >

Windows Firewall with Advanced Security (folder icon)>

Windows Firewall with Advanced Security (brick wall & globe icon)>

Right click “Inbound Rules” and select “New Rule…”. The New Inbound Rule Wizard window opens

For step Rule Type, Select “Predefined:” then choose “iSCSI Service”. Click “Next” button

For step Predefined Rules, verify that the rules are selected and click “Next” button.

For Step Action, verify that “Allow the connection” is selected and click “Finish” button.

You should also repeat the process to add “Hyper-V Management Clients” and “Remote Volume Management” predefined rules.

Close the Group Policy Management Editor

In the Group Policy Management window, locate the Organizational
Unit with the Hyper-V host. Right click and select “Link an Existing
GPO…” and choose the newly created group policy object.

On the Hyper-V host, switch to the command prompt and force the Group Policy update

gpupdate /force

Verify that the policy was applied with the Groupd Policy result tool

gpresult /r

Step 6: Alternatively, command line and Powershell firewall settings

You can use the “netsh” command on the Hyper-V host.

Netsh advfirewall firewall set rule group=”iSCSI Service” new enable=yes

netsh advfirewall firewall set rule group=”Remote Volume Management” new enable=yes

I can check using Powershell on the Hyper-V host that the firewall settings are working

Get-NetFirewallServiceFilter -Service msiscsi | Get-NetFirewallRule | Select DisplayGroup,DisplayName,Enabled

Step 7: iSCSI – part 2

To launch the iSCSI initiator from a command prompt, type “iscsicpl”. The “iSCSI Initiator Properties” window appears.

Click the “Discovery” tab

Click the “Discover Portal…” button. The “Discover Target Portal” window appears.

Click the “Advanced…” button.

In the “Advanced Settings” window, check the box “Enable CHAP log on”, enter the name & target secret.

Click OK button to close the “Advanced Settings” window.

Click OK button to close the “Discover Target Portal” window.

Click the “Targets” tab

Click the “Refresh” button

I can verify the information for this target by selecting it from the list, then clicking the “Properties…” button

Click the “Favorite Targets” tab and verify that the iSCSI target is listed.

Click the “Volumes and Devices” tab and click the “Auto Configure” button.

Click OK to close the “iSCSI Initiator Properties” window.

Alternatively, you can use powershell commands to configure iSCSI

Step 8: Remote Volume Management

As I will be using this as a passthru disk, I need to
configure this disk to be used in the Guest virtual machine (Windows
Server 2012 R2) instead of on the Host OS (Hyper-V 2012 R2). If the
disk is set to ONLINE, then Hyper-V will automatically try to assign a
drive to it for use right away.

Therefore, I need to make the disk OFFLINE for the Hyper-V host.

This can be accomplished from your workstation with the Computer
Management MMC and connecting to remote computer of the Hyper-V host.

Expand Storage

Expand Disk Management

In bottom graphical view, right click the disk and choose “Offine”.
It should show a red circle with white arrow on the drive icon
indicating that it is now Offline.

Alternatively, on the Hyper-V host, you can use the DISKPART tool.

Step 9: Adding storage to Virtual Machine

On your workstation, open the Hyper-V Manager

After selecting the virtual machine you want to add the storage to,
right click and select “Settings…”. This can be done on a VM that is
running or stopped. The extra storage will automatically appear inside
the VM.

Locate the storage controller (SCSI controller if a Generation 2 VM or IDE controller if a Generation 1 VM)

Select “Hard Drive” and click “Add” button

Choose the option for “Physical disk” and select the iSCSI volume that is listed.

Click “OK”

Login to the VM and verify that the storage volume is listed in the Disk Management section of Computer Management.

Step 10: Crack open a beer & Celebrate

All done!

References

Tags: