Dell PowerVault MD3000i Installation Guide - Page 45
Understanding CHAP Authentication, What is CHAP?, Target CHAP, Mutual CHAP
View all Dell PowerVault MD3000i manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 45 highlights
Understanding CHAP Authentication Before proceeding to either Step 5: Configure CHAP Authentication on the Storage Array (optional) or Step 6: Configure CHAP Authentication on the Host Server (optional), it would be useful to gain an overview of how CHAP authentication works. What is CHAP? Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSI authentication method where the storage array (target) authenticates iSCSI initiators on the host server. Two types of CHAP are supported: target CHAP and mutual CHAP. Target CHAP In target CHAP, the storage array authenticates all requests for access issued by the iSCSI initiator(s) on the host server via a CHAP secret. To set up target CHAP authentication, you enter a CHAP secret on the storage array, then configure each iSCSI initiator on the host server to send that secret each time it attempts to access the storage array. Mutual CHAP In addition to setting up target CHAP, you can set up mutual CHAP in which both the storage array and the iSCSI initiator authenticate each other. To set up mutual CHAP, you configure the iSCSI initiator with a CHAP secret that the storage array must send to the host sever in order to establish a connection. In this two-way authentication process, both the host server and the storage array are sending information that the other must validate before a connection is allowed. CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP authentication, any host server connected to the same IP network as the storage array can read from and write to the storage array. NOTE: If you elect to use CHAP authentication, you should configure it on both the storage array (using MD Storage Manager) and the host server (using the iSCSI initiator) before preparing virtual disks to receive data. If you prepare disks to receive data before you configure CHAP authentication, you will lose visibility to the disks once CHAP is configured. Setting Up Your iSCSI Storage Array 45