Tag iscsi

Life Changing Highlights of the Iomega ix4-200d

by Christopher Kusek (PKGuild) emc, Iomega, NAS, Reviews

Welcome to the ix4-200d! This single device is a life changer for both the active home user as well as the SOHO business user who wants to take things to the NEXT Level!

Iomega StorCenter ix4-200d NAS Server

If you’re not familiar with this little beast in a box, here are some of the high-lights which this brings to bear!   NFS, CIFS, iSCSI, AFP Support, BitTorrent client, Xbox Media Services, Printer, USB, Rsync, Celerra integration, dual gigabit Ethernet?!   Oh, and did I mention it’s –VMware- Certified out of the box?!?

Now, seriously! Let’s take a tour of this little system which has taken quite a step or integration in my household!

ix4-200d Home Page ix4-200d Dashboard

When I first powered this system up, it sat there for awhile without me doing anything to it.  Why? This thing is SILENT! I forgot I had powered it up, and as a result didn’t even bother to check what the IP address was that it assigned itself!   Well, out of the box, it came with a RAID protection I was fine with! I had options to change it, but I’m comfortable with it!

Iomega Data Protection Settings Parity Disk 2.7TB

Frankly, this covers most of what you need to do with the device and you’re set! –Done!- But that doesn’t mean you need to stop there!

Iomega Settings Iomega Network Services (AFP, Bluetooth, FTP, NFS, rsync, SNMP, CIFS)

Most of the features in this unit can be configured by simply checking a box and poof! You’re done!

I have mine configured in the following fashion: AFP for my Macbook to backup, NFS and iSCSI for my ESX Servers, CIFS for local network file access, Media Services to interface with my Xbox360 to stream content and pictures, rsync Server to strangely replicate the box between this ix4 and an ix2 as well as to replicate over to the Celerra VSA :)   (Oh, and the Avamar Virtual Edition running in a VM backing up all of my home machines while taking up far less space with inline deduplication :))

I don’t have Video Surveillance enabled yet, but it’s nice to know the integration is built in there! (Printers also nice, but this lives in a closet, so I’m not sure I want to do that :))

So, hopefully you get the opportunity to play around with this power house in a box, and with the ix2-200d offering the same services (but with less disks and less IOPS) Oh, and if you’re interested in buying one, it’d help if you knew the “retail” costs!

Iomega Pricing

So, that gives you an idea of “retail” cost, now I’d say, go to Fry’s and try not to pay more than $599.99 for the 4TB model (Fry’s is your friend! ;))

For another great review of this, check out Stephen Foskett’s review!

When security best practices collide (Crippling iSCSI in Windows)

by Christopher Kusek (PKGuild) Baltimization, Christopher Kusek, Informational, Microsoft, NetApp, SQL, Storage, Windows Server

As a security guy, I can tell you – There are a lot of really good security best practices to be applied across all systems, applications, servers and a world over. But when implemented unchecked – Problems will arise.

What I am talking about specifically is this little doozy – EnablePMTUDiscovery

Value name: EnablePMTUDiscovery
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 1 (True)

The following list describes the parameters that you can use with this registry value:

  • 1: When you set EnablePMTUDiscovery to 1, TCP attempts to discover either the maximum transmission unit (MTU) or then largest packet size over the path to a remote host. TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs by discovering the path MTU and limiting TCP segments to this size. Fragmentation adversely affects TCP throughput.
  • 0: It is recommended that you set EnablePMTUDiscovery to 0. When you do so, an MTU of 576 bytes is used for all connections that are not hosts on the local subnet. If you do not set this value to 0, an attacker could force the MTU value to a very small value and overwork the stack.

    Important Setting EnablePMTUDiscovery to 0 negatively affects TCP/IP performance and throughput. Even though Microsoft recommends this setting, it should not be used unless you are fully aware of this performance loss.

    That little excerpt taken from:
    How to harden the TCP/IP stack against denial of service attacks in Windows 2000

    This KB article is still used and is applicable to the Windows 2003 space, but what does this do exactly?

    This will drop all transmissions over TCP/IP down to 576 byte packets. Oh and this is a global setting.
    So, you go to connect up to an iSCSI LUN, and it connects up just fine.
    Your host is working, your storage is working everything is all doozy.

    When you start to try to actually -use- that connection for storage though, you’ll begin to experience exponential latency. This latency will translate into IOPS problems and access to the disk, masking this making it appear to be a disk issue. This effectively cripples your application, yet is hidden so well from the system as a problem without sniffing or using something like mturoute you’d never know it is happening.

  • MTURoute is your friend and will help you determine your current MTU

    With that said, on any systems with iSCSI connectivity, I strongly encourage you to NOT disable this setting, ensuring that EnablePMTUDiscovery is always set to 1

    Thanks for your time!