The short version: it's iSCSI targets on the public internet. Pick an image, get a block device. The free tier doesn't need a signup at all - iscsiadm -m discovery -t sendtargets -p scsipub.com and --login to iqn.2025-01.pub.scsipub:blank lands you a 64 MB scratch disk. There's a small catalog of OS images you can mount the same way.
The paid tier is where it gets less hobby-shaped: sessions survive disconnects, a single target can expose multiple LUNs, and SCSI-3 Persistent Reservations work end-to-end (REGISTER / RESERVE / RELEASE round-trip clean against sg_persist). That last bit is the cluster-storage primitive — Pacemaker, ESXi HA, and Windows MSCS all use PR for fencing — so you can actually back a 2-node failover cluster off a target on the public internet.
The post linked in the submission is the architectural decision log: Ranch 2.x listeners, a BEAM process per session, COW overlays with per-sector bitmaps, Caddy-managed Let's Encrypt for the iSCSI-TLS port without restarting the listener, and the four open-iscsi quirks that each cost me few hours. There's a section on what we're deliberately not solving (multi-region, RDMA, etc.) so you know the scope.
Two companion projects ship as embedded sub-sites on the front page — one turns an ESP32-S3 into a wireless iSCSI-to-USB bridge, one lets a Raspberry Pi 3/4/5 netboot directly from a target. Both linked from the landing page under "Hardware initiators".
Happy to answer any questions about the protocol, the deployment, or the BEAM-side design choices.
Apparently, exposing small USB sticks to industrial equipment that uses it for loading/saving configs and screenshots and being able to 'network' it with shared iSCSI drives.
"The scope writes screen_001.png to “USB”; the file appears in a directory on my desktop, in the iSCSI overlay. Combined with a dropbox-style sync I no longer need to walk over and pull the stick out."
Quite brilliant and clever, if you ask me.
I'm wondering now about using an ESP32 stick and an iSCSI image of Windows install media - that could make for some fun in-house computer imaging setups.
The other one is the Raspberry Pi{3,4,5} iSCSI shim linked there as well - I have a bunch of them for a bunch of paying clients CI/CD kinds of work, and I wanted these to boot from network, not from microSD.
Both of these projects could've benefited from a public demo iSCSI endpoint, we have http://example.com and whateveryouwant@mailinator.com - why not iSCSI
Since I built it, I've started seeing it as a hammer for many nail-like problems - I think that would die down over time;
but.. I have my ESP32 "pendrive" that's net-synced. I have used it to install OS through UEFI-built-in initiator. I have added iSCSI targets to my windows laptop machine (and VMs) - while you need to deal with disconnects and reconnects, it actually works well enough.
It is a terrible idea, that doesn't sound as terrible for odd use-cases. But yes, the ESP32 over 2.4GHz over 3G internet is slow as molasses (20-30kB/s) - but when the alternative is 0.. or walking over there with a laptop, it works OK.
We do suport VPD 0x83 and advertise consistent NAA/WWID, so linux will support multiple iscsiadm sessions to the same device, and it will be stitched across sessions as paths to the same disk.
We currently hardcode MC/S to 1 as part of login negotiations, advertise single portal and dropping a path will require a re-login.
So - theoretically yes, you can support multipath and it won't fall on its face, but without any practical benefits of it (no bandwidth aggregation and no failover - no ALUA) - at this point it's a single boring target.
But the underlying plumbing can support it - if you have a real usecase for it.
A fun thought experiment here. Is an encrypted transport layer needed? (ipsec, wiregaurd, tls, etc...) I mean, sure, it probably should be plumbed in I bet a raw iscsi stream exposes a ton of metadata. But does it need to? Would a system designed to encrypt blocks in storage provide protection for those blocks in transit?
We run "Ordered" - without queueing - so we essentially are trading off some /more/ performance for reliability in this situation. The block layer tends to handle it well in most OS.. I'll be game to test what softraid crypto would do to it (luks actually handles it reasonably!)
In terms of encrypted transport - the value is mostly in HMAC layer. That might die oddly if the ISPs decide to mess around with these packets because they look too cute - but for encrypted FS, it shouldn't be accidental, only malicious. (Accidentally, I've seen ISPs get upset over MPEG streams over netcat!)
You can demo it out on scsipub without having to provision local SAN, and I came up with scsipub idea as a consequence of lack of any public iSCSI hosts to try things out.
Yes, it's ridiculous, but I have plugged my M1 Macbook Air to (LAN based) iSCSI through a Pi4. Works remarkably well.
And iSCSI as a protocol is a mature solution - it's always the implementation what can add some surprises. But otherwise it works and even survives the network switch stack split-brain sigh.
