Does Software iSCSI on vSphere support IPsec?
This came up in a conversation today. Does VMware’s Software iSCSI implementation support Internet Protocol Security (IPsec) in vSphere 5.1? Internet Protocol Security (IPsec) secures IP communications coming from and arriving at an ESXi host.
Although KB article 1021769 states that IPv6 is compatible with Software iSCSI, it doesn’t state whether or not IPsec is supported with Software iSCSI. To find this information, you have to reach for the vSphere Security Guide. Under the section ‘Securing iSCSI Devices Through Authentication’, it states:
ESXi does not support Kerberos, Secure Remote Protocol (SRP), or public-key authentication methods for iSCSI. Additionally, it does not support IPsec authentication and encryption.
Therefore the answer is no, Software iSCSI currently does not support IPsec at this time.
Get notification of these blogs postings and more VMware Storage information by following me on Twitter: @CormacJHogan
This is true. There are currently no known problems using iSCSI with IPsec, either.
Thanks Andy. One assumes then that it is simply a QA issue and that we haven’t tested it yet. Would that be correct?
Yes.
Thanks Cormac. Interesting to know Andy.