Internet Small Computer Systems Interface (iSCSI) is a standard for transmitting SCSI commands and information through IP networks. The protocol permits clients (called initiators) to convey SCSI commands to SCSI storage devices (called targets) on remote servers.
As a widely used Storage Area Network (SAN) protocol, iSCSI allows organizations to consolidate storage in data center arrays while giving hosts (like Web and database servers) the appearance of locally attached disks. Unlike Fibre Channel, which needs special cabling, iSCSI can operate over long distances using pre-existing infrastructure.
How iSCSI Runs
When an application tries to read from an iSCSI device, the read command is enclosed in an IP packet. The packet travels across the network like any other IP packet. When it arrives at its destination, the iSCSI device extracts and decodes the read command.
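The encapsulation described above, as an added example that is not part of the original page: an initiator builds the 48-byte iSCSI header for a SCSI READ(10) command and the receiving side decodes it, following the SCSI Command PDU layout in RFC 7143. The LUN, task tag, block address, sequence numbers and 512-byte block size are constructed sample values.

```python
import struct

BHS_LEN = 48                   # iSCSI Basic Header Segment is always 48 bytes
OP_SCSI_COMMAND = 0x01         # opcode: SCSI Command (initiator -> target)
SCSI_READ_10 = 0x28            # SCSI READ(10) operation code
BHS_FMT = ">BBHB3s8sIIII16s"   # big-endian field layout of the header
CDB_FMT = ">BBIBHB"            # READ(10): op, flags, LBA, group, blocks, control


def build_read10_pdu(lun, task_tag, lba, blocks, block_size=512):
    """Initiator side: wrap a READ(10) CDB in a SCSI Command PDU header."""
    cdb = struct.pack(CDB_FMT, SCSI_READ_10, 0, lba, 0, blocks, 0)
    flags = 0x80 | 0x40                    # F (final) and R (read) bits
    return struct.pack(
        BHS_FMT,
        OP_SCSI_COMMAND, flags, 0,
        0,                                 # TotalAHSLength: no extra headers
        bytes(3),                          # DataSegmentLength: 0 for a read
        bytes([0, lun]) + bytes(6),        # single-level LUN < 256
        task_tag,
        blocks * block_size,               # Expected Data Transfer Length
        1, 1,                              # CmdSN, ExpStatSN (constructed)
        cdb.ljust(16, b"\x00"),            # CDB field is 16 bytes
    )


def decode_pdu(pdu):
    """Receiving side: recover the SCSI command from the raw header bytes."""
    if len(pdu) < BHS_LEN:
        raise ValueError("truncated Basic Header Segment")
    op, flags, _, _, _, lun, itt, edtl, _, _, cdb = struct.unpack(
        BHS_FMT, pdu[:BHS_LEN])
    if op & 0x3F != OP_SCSI_COMMAND:       # low 6 bits carry the opcode
        raise ValueError("not a SCSI Command PDU")
    info = {"lun": lun[1], "task_tag": itt, "expected_bytes": edtl,
            "read": bool(flags & 0x40), "write": bool(flags & 0x20),
            "cdb_opcode": cdb[0]}
    if cdb[0] == SCSI_READ_10:
        _, _, lba, _, blocks, _ = struct.unpack(CDB_FMT, cdb[:10])
        info.update(lba=lba, blocks=blocks)
    return info


if __name__ == "__main__":
    pdu = build_read10_pdu(lun=1, task_tag=0x1234, lba=2048, blocks=8)
    print(pdu.hex())
    print(decode_pdu(pdu))
```

Every field comes back with plain byte offsets and no key material, which is why the header is readable to the target and to any other device that handles the packet.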
Initiators and Targets
‘Initiator’ and ‘target’ are terms used to describe iSCSI clients and servers. An ‘initiator’ is the client, like a database server accessing data through remote storage. A ‘target’ is a storage server providing the data.
iSCSI’s closest competition is Fibre Channel over Internet Protocol (FCIP). iSCSI is the use of SCSI with IP hardware, while FCIP is the use of IP with Fibre Channel hardware.
iSCSI mostly operates as a cleartext protocol. This is unsafe, because the data transmitted in SCSI transactions has no cryptographic protection.
Due to this, any malicious user who ‘eavesdrops’ on iSCSI traffic can:
- Recreate and copy file systems and files being transmitted through the wire
- Modify file content by introducing invalid iSCSI frames
- Corrupt file systems that are being accessed by initiators, thus exposing servers to software error