Dell PowerVault MD3660i Deployment Guide - Page 38

Mutual CHAP, CHAP Definitions, Step 5: Configure CHAP Authentication On The Storage Array (Optional)


Mutual CHAP

In addition to setting up target CHAP, you can set up mutual CHAP, in which both the storage array and the iSCSI initiator authenticate each other. To set up mutual CHAP, configure the iSCSI initiator with a CHAP secret that the storage array must send to the host server in order to establish a connection. In this two-way authentication process, both the host server and the storage array send information that the other must validate before a connection is allowed.

CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP authentication, any host server connected to the same IP network as the storage array can read from and write to the storage array.

NOTE: When using CHAP authentication, you should configure it on both the storage array (using MD Storage Manager) and the host server (using the iSCSI initiator) before preparing virtual disks to receive data. If you prepare disks to receive data before you configure CHAP authentication, you lose visibility to the disks once CHAP is configured.

CHAP Definitions

To summarize the differences between target CHAP and mutual CHAP authentication, see the following table.

CHAP Type | Description
Target CHAP | Sets up accounts that iSCSI initiators use to connect to the target storage array. The target storage array then authenticates the iSCSI initiator.
Mutual CHAP | Applied in addition to target CHAP, mutual CHAP sets up an account that a target storage array uses to connect to an iSCSI initiator. The iSCSI initiator then authenticates the target.
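
The two directions in the table above, simulated as an added example that is not part of the Dell guide. It assumes CHAP with MD5 as defined in RFC 1994; the function names, identifiers and secrets are hypothetical, and a real iSCSI login carries these values in login PDUs rather than function calls.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def mutual_chap_login(host: dict, array: dict, rng=os.urandom) -> str:
    """Simulate one login. `host` and `array` each hold the two secrets as
    configured on that side: 'target_chap' and 'mutual_chap'."""
    # Target CHAP: the storage array challenges the iSCSI initiator.
    array_id, array_challenge = 1, rng(16)
    answer = chap_response(array_id, host["target_chap"], array_challenge)
    expected = chap_response(array_id, array["target_chap"], array_challenge)
    if not hmac.compare_digest(answer, expected):
        return "array rejected initiator"

    # Mutual CHAP: the initiator challenges the storage array in turn.
    host_id, host_challenge = 2, rng(16)
    # The array refuses a challenge that simply echoes the one it sent.
    if host_challenge == array_challenge:
        return "array closed connection: challenge reused"
    answer = chap_response(host_id, array["mutual_chap"], host_challenge)
    expected = chap_response(host_id, host["mutual_chap"], host_challenge)
    if not hmac.compare_digest(answer, expected):
        return "initiator rejected array"
    return "session established"

# Constructed sample secrets, one per direction (not values from the guide).
HOST = {"target_chap": b"example-target-secret",
        "mutual_chap": b"example-mutual-secret"}
ARRAY = dict(HOST)

if __name__ == "__main__":
    print(mutual_chap_login(HOST, ARRAY))
    # An array that does not hold the mutual CHAP secret fails the second leg.
    print(mutual_chap_login(HOST, {**ARRAY, "mutual_chap": b"unknown"}))
```

With target CHAP alone, only the first leg runs, so the host has no check on which array it has connected to.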

Step 5: Configure CHAP Authentication On The Storage Array (Optional)

If you are not configuring any type of CHAP, skip these steps and go to Step 7: Connect To The Target Storage Array From The Host Server.

NOTE: If you choose to configure mutual CHAP authentication, you must first configure target CHAP.

In terms of iSCSI configuration, the term Target always refers to the storage array.

Configuring Target CHAP Authentication On The Storage Array

1. From MD Storage Manager, click the iSCSI tab and then click Change Target Authentication.

Select one of the CHAP settings described in the following table.

CHAP Setting | Description
None | This is the default selection. If None is the only selection, the storage array allows an iSCSI initiator to log on without supplying any type of CHAP authentication.
None and CHAP | The storage array allows an iSCSI initiator to log on with or without CHAP authentication.