Home » Dell Manuals » Storage Devices » Dell PowerVault MD3000i » Manual Viewer

Dell PowerVault MD3000i Installation Guide - Page 45

Understanding CHAP Authentication, What is CHAP?, Target CHAP, Mutual CHAP

View all Dell PowerVault MD3000i manuals

Add to My Manuals
Save this manual to your list of manuals

Page 45 highlights

Understanding CHAP Authentication Before proceeding to either Step 5: Configure CHAP Authentication on the Storage Array (optional) or Step 6: Configure CHAP Authentication on the Host Server (optional), it would be useful to gain an overview of how CHAP authentication works. What is CHAP? Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSI authentication method where the storage array (target) authenticates iSCSI initiators on the host server. Two types of CHAP are supported: target CHAP and mutual CHAP. Target CHAP In target CHAP, the storage array authenticates all requests for access issued by the iSCSI initiator(s) on the host server via a CHAP secret. To set up target CHAP authentication, you enter a CHAP secret on the storage array, then configure each iSCSI initiator on the host server to send that secret each time it attempts to access the storage array. Mutual CHAP In addition to setting up target CHAP, you can set up mutual CHAP in which both the storage array and the iSCSI initiator authenticate each other. To set up mutual CHAP, you configure the iSCSI initiator with a CHAP secret that the storage array must send to the host sever in order to establish a connection. In this two-way authentication process, both the host server and the storage array are sending information that the other must validate before a connection is allowed. CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP authentication, any host server connected to the same IP network as the storage array can read from and write to the storage array. NOTE: If you elect to use CHAP authentication, you should configure it on both the storage array (using MD Storage Manager) and the host server (using the iSCSI initiator) before preparing virtual disks to receive data. If you prepare disks to receive data before you configure CHAP authentication, you will lose visibility to the disks once CHAP is configured. Setting Up Your iSCSI Storage Array 45

Section	Page
Contents	3
Introduction	7
System Requirements	7
Management Station Hardware Requirements	7
Introduction to Storage Arrays	8
Hardware Installation	9
Storage Configuration Planning	9
About the Enclosure Connections	9
Cabling the Enclosure	10
Redundancy vs. Nonredundancy	10
Direct-Attached Solutions	10
Network-Attached Solutions	13
Attaching MD1000 Expansion Enclosures	15
Expanding with Previously Configured MD1000 Enclosures	16
Expanding with New MD1000 Enclosures	17
Software Installation	19
System Assembly and Startup	19
Install the iSCSI Initiator Software (iSCSI-attached Host Servers Only)	19
Installing the iSCSI Initiator on a Windows Host Server	20
Installing the iSCSI Initiator on a Linux Host Server	20
Installing MD Storage Software	23
Installing MD Storage Software on an iSCSI-attached Host Server (Windows)	23
Installing MD Storage Software on an iSCSI-attached Host Server (Linux)	25
Installing a Dedicated Management Station (Windows and Linux)	27
Documentation for Windows Systems	28
Viewing Resource CD Contents	28
Installing the Manuals	28
Documentation for Linux Systems	29
Viewing Resource CD Contents	29
Installing the Manuals	30
Array Setup and iSCSI Configuration	31
Before You Start	31
Terminology	31
iSCSI Configuration Worksheet	32
Configuring iSCSI on Your Storage Array	35
Using iSNS	35
Step 1: Discover the Storage Array (Out-of-band management only)	36
Default Management Port Settings	36
Automatic Storage Array Discovery	36
Manual Storage Array Discovery	36
Set Up the Array	37
Step 2: Configure the iSCSI Ports on the Storage Array	39
Step 3: Perform Target Discovery from the iSCSI Initiator	40
If you are using Windows Server 2003 or Windows Server 2008 GUI version	40
If you are using Windows Server 2008 Core Version	40
If you are using Linux Server	41
If you are using RHEL 5 or SLES 10 SP1	42
Step 4: Configure Host Access	44
Understanding CHAP Authentication	45
What is CHAP?	45
Target CHAP	45
Mutual CHAP	45
CHAP Definitions	46
How CHAP Is Set Up	46
Step 5: Configure CHAP Authentication on the Storage Array (optional)	47
Configuring Target CHAP Authentication on the Storage Array	47
Configuring Mutual CHAP Authentication on the Storage Array	48
Step 6: Configure CHAP Authentication on the Host Server (optional)	49
If you are using Windows Server 2003 or Windows Server 2008 GUI version	49
If you are using Windows Server 2008 Core Version	50
If you are using Linux Server	50
If you are using RHEL 5 or SLES 10 SP1	52
If you are using SLES10 SP1 via the GUI	53
Step 7: Connect to the Target Storage Array from the Host Server	54
If you are using Windows Server 2003 or Windows Server 2008 GUI	54
If you are using Windows Server 2008 Core Version	55
If you are using a Linux Server	56
Viewing the status of your iSCSI connections	57
Step 8: (Optional) Set Up In-Band Management	58
Premium Features	59
Troubleshooting Tools	59
Uninstalling Software	61
Uninstalling From Windows	61
Uninstalling From Linux	62
Guidelines for Configuring Your Network for iSCSI	63
Windows Host Setup	63
Linux Host Setup	64
Configuring TCP/IP on Linux using DHCP (root users only)	65
Configuring TCP/IP on Linux using a Static IP address (root users only)	65

Match case Limit results 1 per page

Setting Up Your iSCSI Storage Array

Understanding CHAP Authentication

Before proceeding to either

Step 5: Configure CHAP Authentication on the Storage Array (optional)

Step 6: Configure CHAP Authentication on the Host Server (optional),

it would be useful to gain an

overview of how CHAP authentication works.

What is CHAP?

Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSI authentication method

where the storage array (target) authenticates iSCSI initiators on the host server. Two types of CHAP are

supported:

target

CHAP and

mutual

CHAP.

Target CHAP

In target CHAP, the storage array authenticates all requests for access issued by the iSCSI initiator(s) on

the host server via a CHAP secret. To set up target CHAP authentication, you enter a CHAP secret on

the storage array, then configure each iSCSI initiator on the host server to send that secret each time it

attempts to access the storage array.

Mutual CHAP

In addition to setting up target CHAP, you can set up mutual CHAP in which both the storage array

and

the iSCSI initiator authenticate each other. To set up mutual CHAP, you configure the iSCSI initiator

with a CHAP secret that the storage array must send to the host sever in order to establish a connection.

In this two-way authentication process, both the host server and the storage array are sending

information that the other must validate before a connection is allowed.

CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP

authentication, any host server connected to the same IP network as the storage array can read from and

write to the storage array.

NOTE:

If you elect to use CHAP authentication, you should configure it on both the storage array (using MD

Storage Manager) and the host server (using the iSCSI initiator) before preparing virtual disks to receive data.

If you prepare disks to receive data before you configure CHAP authentication, you will lose visibility to the

disks once CHAP is configured.