Dell TL2000 Product Guide - Page 15

Reference information Terminology CHAP (Challenge Handshake Authentication Protocol). An optional security protocol used to control access to an iSCSI storage system by restricting use of the iSCSI data ports on both the host server and iSCSI to SAS bridge. For more information on the types of CHAP authentication supported, see Understanding CHAP Authentication. Host server port iSCSI port on the host server used to connect it to bridge. iSCSI initiator The iSCSI-specific software installed on the host server that controls communications between the host server and the iSCSI to SAS bridge. NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. Understanding CHAP Authentication Before proceeding to either Step 5: Configure CHAP Authentication on the ISCSI to SAS bridge (optional) or Step 6: Configure CHAP Authentication on the Host Server (optional), it would be useful to gain an overview of how CHAP authentication works. What is CHAP? Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSI authentication method where the iSCSI to SAS bridge (target) authenticates iSCSI initiators on the host server. Two types of CHAP are supported: target CHAP and mutual CHAP. Target CHAP In target CHAP, the iSCSI to SAS bridge authenticates all requests for access issued by the iSCSI initiator(s) on the host server via a CHAP secret. To set up target CHAP authentication, you enter a CHAP secret on the iSCSI to SAS bridge, then configure each iSCSI initiator on the host server to send that secret each time it attempts to access the iSCSI to SAS bridge. Mutual CHAP In addition to setting up target CHAP, you can set up mutual CHAP in which both the iSCSI to SAS bridge and the iSCSI initiator authenticate each other. To set up mutual CHAP, you configure the iSCSI initiator with a CHAP secret that the iSCSI to SAS bridge must send to the host sever in order to establish a connection. In this two-way authentication process, both the host server and the iSCSI to SAS bridge are sending information that the other must validate before a connection is allowed. CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP authentication, any host server connected to the same IP network as the iSCSI to SAS bridge can read from and write to the iSCSI to SAS bridge. Using iSNS iSNS (Internet Storage Naming Service) Server, supported only on Windows iSCSI environments, eliminates the need to manually configure each individual iSCSI to SAS bridge with a specific list of initiators and target IP addresses. Instead, iSNS automatically discovers, manages, and configures all iSCSI devices in your environment. For more information on iSNS, including installation and configuration, see www.microsoft.com Page 15