First, allow me to quickly reiterate what VMware’s vSAN, or virtual SAN is all about. In a nutshell, vSAN allows you to pool physical disks from multiple ESXi hosts to create one distributed but shared datastore. The resulting vSAN datastore is accessible from any host that is a member of the cluster where vSAN is enabled. In How to setup vSAN using a nested environment, I cover the process of setting up vSAN in some detail, so give it a read when you can.

VMware’s hyper-converged architecture approach eradicates the requirement for a full-blown SAN while satisfying most networked-storage needs. To a lesser extent, costs are better contained which is more so true when deploying vSAN on commodity hardware.

Carving out iSCSI LUNs from whichever storage solution is in use, is one task storage admins routinely carry out. An iSCSI LUN is nothing but a block of storage space accessible over a network via the iSCSI protocol. Similarly, vSAN allows you to publish iSCSI LUNs, the caveat being that they can only be mounted on machines extraneous to a vSphere environment. So, the answer is no. It is not possible to have a vSAN iSCSI LUN set up as an ESXi datastore. Nor can it be consumed by vSphere VMs.

Trust me, these are the first two things I tried doing when testing the feature using the latest vSAN 6.6.1. You can read more about the benefits and limitations in this KB article, a portion of which I reproduced as follows.

Despite the vSAN limitations, iSCSI LUNs always come in handy. On that note, I’ll be showing you how to create an iSCSI LUN using vSAN and how to mount it on a Windows 10 machine.

Requirements



Today’s only requirement is that you have vSAN configured in your environment. In my case, I still have vSAN running on a 3-nested host vSphere cluster. If you have a physical vSAN, the better. If not, follow the instructions in the aforementioned post to replicate the steps outlined next.

As I’m writing this, I also finished updating my vSphere environment to ESXi 6.5 U1 Express Patch 4 which means, I’m now running vSAN 6.6.1 (Build #: 6765664). You can easily check the vSAN version you’re on by navigating to the Health and Performance page when connected to vCenter Server via the vSphere Web client or using other methods as explained here.

Creating a vSAN iSCSI LUN



Enable the iSCSI Target Service



First and foremost, we must enable the vSAN iSCSI Target Service from the vSAN General options page (3). Highlight the cluster name where vSAN is enabled. Go to Configure -> General and click on the Edit button (4). On the displayed dialog box, tick the Enable vSAN iSCSI target service (5) option on.

You can leave Default authentication disabled or else select between CHAP and Mutual Chap, if security is a concern. The Default iSCSI network is automatically set use an ESXi host’s VMkernel configured for vSAN. You are also allowed to change the default iSCSI network port and the storage policy if required.

Create an iSCSI Initiator group



You must next decide which machines will be allowed access to the LUN. We refer to anything that can potentially access a LUN as an iSCSI Initiator or client. If you’re planning on giving LUN access to a number of initiators, a cluster comes to mind, it’s always best to create an iSCSI Initiator Group for better security management. With that said, let’s go ahead and create an iSCSI Initiator Group.

First, it’s a good idea to list the initiator names, or IQNs, of the machines that will access the iSCSI LUN. In Windows, this is easy to do. Just run the iSCSI Initiator client and copy the IQN value from the Configuration tab.

Next, using the vSphere Web client, highlight the vSAN cluster. Click on the iSCSI Initiator Groups (3) menu and hit the Add a new iSCSI initiator group green plus sign button (4).

In the Name field, type a value for the group you are creating which is Windows_Workstations in my case. Paste the IQN in the Member Initiator name field and click on Add. Repeat this for every initiator you want to be included. Press OK when done.

Create an iSCSI target



Move up one item and select iSCSI Targets on the Configure page (2). An iSCSI target is just an endpoint an initiator client connects to so it can consume the iSCSI LUN.

Still using the vSphere Web client, click on the Add a new iSCSI target green plus sign button (4).

In the New iSCSI Target dialog, you’ll find that most of the settings are automatically populated for you. All you need to add is an Alias and the LUN size. This is shown in the next screenshot.

Also, note the following. The default network port for iSCSI, is 3260. Even though you can change this, it’s best to leave the value as it is unless there is some compelling reason to change it. The Network value is picked from the list of VMkernels present on the ESXi host presenting the iSCSI LUN. The host seems to be chosen at random. In my case, I set vmk2 for vSAN traffic, which I assume is the reason why it was picked up. The Network value can be changed as required. The Storage policy also determines the actual amount of disk space consumed by the LUN which, per the default settings, will correspond to twice the amount specified by the Size value.

The newly created iSCSI target should be listed in the upper pane. The details for it, are displayed in the bottom one. In the upper pane, look at the I/O Owner Host field and take a note of the ESXi host serving the LUN. In my case, it’s esx-b.vsphere65.local:vmk2 corresponding to 192.168.24.69.

We finally need to add the initiators group previously created to the list of Allowed Initiators. By default, any machine is allowed access via the ANY_INITIATOR built-in group. We don’t want this for obvious reasons. To add the initiators group, click on the Add an initiator… green plus sign button (2). Tick the Initiator Group (3) option and select the Windows_Workstations initiator group (4) created earlier. Press OK to continue.

Testing time



As mentioned in the opening section, I will try to mount the iSCSI LUN on a Windows 10 machine. This is done as follows.

In Windows, launch the iSCSI Initiator client. Just type iSCSI in the search box and select the iSCSI Initiator desktop app.

Select the Targets tab on the iSCSI Initiator Properties dialog. Type in the IP address noted earlier, i.e. the one used by the vSAN iSCSI target and click on Quick Connect. On the Quick Connect dialog, make sure the discovered target status is set to Connected and press Done.

From the Volumes and Devices tab, click on the Auto Configure button. You should see the mount point for the vSAN iSCSI LUN listed in the Volume List window. Press OK to finish setting up the client.

The last step sees us initializing the newly added disk using the Disk Management console. Just type diskman in the search box. On the Initialize Disk dialog, press OK to initialize the disk i.e. the corresponding iSCSI LUN.

To complete the process, select the new disk and format it, as required, using the New Simple Volume wizard.

To complete the test, verify that you can read and write to the volume. You can easily do this by creating, say, a text file containing data and then deleting it.

Conclusion



Though somewhat limited in functionality, vSAN serves a secondary and useful purpose as we have seen in this post. It can host and serve iSCSI LUNs to machines other than ESXi hosts and virtual machines using its iSCSI Target service.

Have a look at the complete list of articles for more vSAN related post such as How to generate a VSAN HTML report with PowerCLI and Learn How to License vCenter, ESXi, and vSAN.