How to configure iSCSI security in vSAN Free?

Software-based VM-centric and flash-friendly VM storage + free version
Post Reply
ezoltan
Posts: 5
Joined: Sat Dec 21, 2024 9:41 pm

Wed Jul 16, 2025 10:43 am

Hello Community,

I have a vSAN Free installation on a 2-node Hyper-V cluster, with vSAN installed directly on the hypervisors as a Windows application. It looks like by default the LUNs are exposed on every single network connection of my Hyper-V hosts, including management/production/user access. My servers have 2x 10Gbps iSCSI + 2x 10Gbps Sync + 4x 1Gbps production NICs.

How can I configure security on iSCSI targets / LUNs in order to:

1. Limit the interfaces / IP addresses LUNs/devices are exposed on?
2. Limit which hosts can connect to the iSCSI targets.
3. Configure CHAP/MCHAP

Thank you.
Top
yaroslav (staff)
Staff
Posts: 4309
Joined: Mon Nov 18, 2019 11:11 am

Wed Jul 16, 2025 12:18 pm

I think it will be simpler to use ACL (i.e., mask the targets from unwanted eyes).
What you could do is set up another system with TRIAL key > set up ACL as described here (https://www.starwindsoftware.com/help/T ... nsole.html) > Go to StarWind.cfg > scroll to the bottom of the document > that will be the ACL section you need to forge in your production cluster.

Please note that while editing the config file, you must stop StarWindService on one server. Make sure that the restart prerequisites are met (https://knowledgebase.starwindsoftware. ... vers%20for).

Good luck with your project!
Top
Post Reply

Return to “StarWind Virtual SAN (VSAN) [+Free], HCI Appliance (HCA), Virtual HCI Appliance (VHCA) [+Free], StarWind x Proxmox VE SAN Integration Services”