Dell PowerVault MD3660i Deployment Guide - Page 38
Mutual CHAP, CHAP Definitions, Step 5: Con CHAP Authentication On The Storage Array (Optional)
![]() |
View all Dell PowerVault MD3660i manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 38 highlights
Mutual CHAP In addition to setting up target CHAP, you can set up mutual CHAP in which both the storage array and the iSCSI initiator authenticate each other. To set up mutual CHAP, configure the iSCSI initiator with a CHAP secret that the storage array must send to the host sever in order to establish a connection. In this two-way authentication process, both the host server and the storage array send information that the other must validate before a connection is allowed. CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP authentication, any host server connected to the same IP network as the storage array can read from and write to the storage array. NOTE: When using CHAP authentication, you should configure it on both the storage array (using MD Storage Manager) and the host server (using the iSCSI initiator) before preparing virtual disks to receive data. If you prepare disks to receive data before you configure CHAP authentication, you lose visibility to the disks once CHAP is configured. CHAP Definitions To summarize the differences between target CHAP and mutual CHAP authentication, see the following table. CHAP Type Target CHAP Mutual CHAP Description Sets up accounts that iSCSI initiators use to connect to the target storage array. The target storage array then authenticates the iSCSI initiator. Applied in addition to target CHAP, mutual CHAP sets up an account that a target storage array uses to connect to an iSCSI initiator. The iSCSI initiator then authenticates the target. Step 5: Configure CHAP Authentication On The Storage Array (Optional) If you are not configuring any type of CHAP, skip these steps and go to Step 7: Connect To The Target Storage Array From The Host Server. NOTE: If you choose to configure mutual CHAP authentication, you must first configure target CHAP. In terms of iSCSI configuration, the term Target always refers to the storage array. Configuring Target CHAP Authentication On The Storage Array 1. From MD Storage Manager, click the iSCSI tab and then click Change Target Authentication. Select one of the CHAP settings described in the following table. CHAP Setting Description None This is the default selection. If None is the only selection, the storage array allows an iSCSI initiator to log on without supplying any type of CHAP authentication. None and CHAP The storage array allows an iSCSI initiator to log on with or without CHAP authentication. 38
![](/manual_guide/products/dell-powervault-md3660i-deployment-guide-12c5efa/38.png)