Dell EqualLogic PS6210E EqualLogic Group Manager Administrator s Guide PS Seri - Page 110
About Volume-Level Security, Connect Initiators to iSCSI Targets, Access Control Methods
View all Dell EqualLogic PS6210E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 110 highlights
7 About Volume-Level Security To secure your data, you must prevent access by unauthorized iSCSI initiators. By controlling access to your iSCSI targets, you can secure access to individual volumes. Group Manager provides several ways to control access to your volumes. You can use these security measures in tandem with group-level and NAS-level security to provide the required level of security for your data. • You can specify a CHAP user name, IP address, or iSCSI initiator name. This information is used by the access method that applies to a volume and its snapshots. You can then use a CHAP account on an external RADIUS authentication server to authenticate iSCSI targets in a PS Series group. • You can allow or disallow initiators with different iSCSI qualified names (IQN) access to a volume and its snapshots. • You can use an iSNS (Internet Storage Name Service) server for initiator discovery of iSCSI targets. • You can set permissions for a volume as either read-write (default) or read-only. Connect Initiators to iSCSI Targets To access iSCSI targets (volumes and snapshots) in a PS Series group, you must install an industry-standard iSCSI initiator on a computer. An example of an industry-standard iSCSI initiator is the one that is built in to Microsoft Windows. NOTE: Access to iSCSI targets is through TCP port 3260 (the standard iSCSI port). See your initiator documentation for the exact procedure for logging in to an iSCSI target. In general, to log in: 1. Specify the group IP address as the discovery address or target portal in the iSCSI initiator configuration interface. If you are using iSNS, the initiator automatically discovers targets from the iSNS server that you configured in the group. The initiator displays a list of iSCSI targets from the group. 2. Log in to a target. The initiator must match at least one of the target's access control policies. As part of the login procedure, you might need to enter a CHAP user name and password (secret) and target authentication credentials. After the initiator logs in to the iSCSI target, the computer sees the target as a disk that you can format using the usual operating system utilities. You can then partition the disk and create a file system as needed. NOTE: • In some file systems, volumes and snapshots must have read-write permission even if the file system is read-only. • Both hardware and software iSCSI initiators are available from a variety of vendors. Install and configure an initiator using the vendor-supplied instructions. See the Dell EqualLogic PS Series Storage Arrays iSCSI Initiator and Operating System Considerations document for more information about iSCSI initiator configuration or contact Dell Technical Support. Access Control Methods Access control methods determine which hosts and clusters can connect to which volumes while simultaneously preventing unauthorized access to iSCSI target volumes and snapshots. Access methods restrict access to iSCSI target volumes and snapshots to specified initiators, restricted by CHAP user name, iSCSI initiator name, or IP address. The access method can contain one or more of these restrictions. 110 About Volume-Level Security