Home » HP Manuals » Storage Devices » HP XP20000/XP24000 » Manual Viewer

HP XP20000/XP24000 HP StorageWorks MPX200 Multifunction Router User Guide (569 - Page 105

Setting up authentication, Restrictions, MPIO - use HP DSM or the Microsoft Generic DSM

View all HP XP20000/XP24000 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 105 highlights

Requirements • Operating system: Windows Server 2008 Enterprise, SP2, R2, x86/x64 • Firmware: Minimum version-3.1.0.0, released November 2009 • Initiator: • Multiple NIC/iSCSI HBA ports-four recommended • one public • one private • two storage, for higher availability and performance • MPIO - use HP DSM or the Microsoft Generic DSM • HP recommends using the latest available • Connectivity: Dual blade configuration for redundancy Setting up authentication CHAP is an authentication protocol used for secure login between the iSCSI initiator and iSCSI target. CHAP uses a challenge-response security mechanism to verify the identity of an initiator without revealing the secret password shared by the two entities. It is also referred to as a three-way handshake. With CHAP, the initiator must prove to the target that it knows the shared secret without actually revealing the secret. NOTE: Setting up authentication for your iSCSI devices is optional. If you require authentication, HP recommends that you configure it after you have properly verified installation and operation of the iSCSI implementation without authentication. In a secure environment, authentication may not be required-access to targets is limited to trusted initiators. In a less secure environment, the target cannot determine if a connection request is from a certain host. In this case, the target can use CHAP to authenticate an initiator. When an initiator contacts a target that uses CHAP, the target (called the authenticator) responds by sending the initiator a challenge. The challenge consists of information that is unique to the authentication session. The initiator encrypts this information using a previously issued password that is shared by both the initiator and the target. The encrypted information is then returned to the target. The target has the same password and uses it as a key to encrypt the information that it originally sent to the initiator. The target compares its results with the encrypted results sent by the initiator; if they are the same, the initiator is considered authentic. These steps are repeated throughout the authentication session to verify that the correct initiator is still connected. These schemes are called proof-of-possession protocols. The challenge requires that an entity prove possession of a shared key or one of the key pairs in a public-key scheme. See the following RFCs for detailed information about CHAP: • RFC 1994 (PPP Challenge Handshake Authentication Protocol, August 1996) • RFC 2433 (Microsoft PPP CHAP Extensions, October 1998) • RFC 2759 (Microsoft PPP CHAP Extensions version 2, January 2000) Restrictions The CHAP restrictions are: MPX200 Multifunction Router User Guide 105

Section	Page
MPX200 Multifunction Router User Guide	1
Contents	3
1 MPX200 Multifunction Router overview	15
MPX200 features	15
MPX200 configuration options for EVA	18
MPX200 configurations for XP24000/20000	21
Planning the MPX200 installation	24
Total number of initiators	25
Number of paths required per initiator	25
Use of iSNS	25
Use of iSCSI ports	25
Balancing the load	25
10-GbE initiators	26
CHAP security	26
2 Installing the MPX200	27
MPX200 components	27
3 Managing the MPX200 using HP Command View EVA	35
Setting up the MPX200 management port	35
Fibre Channel zoning	35
Open zoning	35
Fibre Channel switch-based zoning	36
HP Command View EVA discovery	37
Setting up the iSCSI IP ports	39
Setting the date and time on the MPX200	40
Code load	41
Shutting down and restarting the MPX200	42
Saving or restoring the MPX200 configuration	42
Locating the MPX200	43
Removing an iSCSI controller	44
4 Managing the MPX200 for XP 24000/20000	47
Setting up the MPX200 management port	47
Set up the iSCSI ports	48
Fibre Channel zoning	48
LUN management	49
5 MPX200 iSCSI configuration rules and guidelines	53
iSCSI rules and supported maximums	53
EVA storage system rules and guidelines	54
HP Command View EVA management rules and guidelines	54
EVA storage system software	55
Features supported for iSCSI hosts	55
Features not supported for iSCSI hosts	55
XP storage system rules and guidelines	56
Fibre Channel switch and fabric support	56
Operating system and multipath software support	56
iSCSI initiator rules and guidelines	57
Apple Mac OS X iSCSI initiator rules and guidelines	57
Microsoft Windows iSCSI initiator rules and guidelines	57
Linux iSCSI initiator rules and guidelines	58
Solaris iSCSI initiator rules and guidelines	58
VMware iSCSI initiator rules and guidelines	58
Supported IP network adapters	60
IP network requirements	60
Setting up the iSCSI initiator	60
Windows Server iSCSI initiator	60
Multipathing	66
Installing the MPIO feature for Windows Server 2008	67
Installing the MPIO feature for Windows Server 2003	69
Microsoft Windows Server 2003 Scalable Networking Pack	69
Setting up SNP for the HP NC3xxx Multifunction Gigabit server adapter	70
iSCSI initiator setup for Apple Mac OS X (single-path)	70
Setting up the iSCSI initiator for Apple Mac OS X	70
Setting up storage for Apple Mac OS X	75
iSCSI initiator setup for Linux	75
Installing and configuring the SUSE Linux Enterprise 10 iSCSI driver	75
Installing and configuring the iSCSI driver for Red Hat 5	78
Installing and configuring the iSCSI driver for Red Hat 4 and SUSE 9	79
Installing the iSCSI initiator for Red Hat 3 and SUSE 8	79
Assigning device names	80
Target bindings	81
Mounting file systems	81
Unmounting file systems	82
Presenting EVA storage for Linux	82
iSCSI Initiator setup for VMware	82
Configuring multipath with the Solaris 10 iSCSI initiator	87
MPxIO overview	88
Preparing the host system	88
Enabling MPxIO for an HP EVA storage array	88
Editing the scsi_vhci.conf file	88
Editing the sgen.conf file	90
Creating an sgen driver alias	91
Enable iSCSI target discovery	92
Modifying the target parameter MaxRecvDataSegLen	93
Monitoring the multipath devices	94
Configuring Microsoft MPIO iSCSI devices	96
Microsoft MPIO for iSCSI load-balancing policies	97
Microsoft MPIO with QLogic iSCSI HBA	98
Installing the QLogic iSCSI HBA	98
Installing the Microsoft iSCSI initiator services and MPIO	98
Configuring the QLogic iSCSI HBA	99
Adding targets to the QLogic iSCSI initiator	101
Presenting LUNs to the QLogic iSCSI initiator	102
Installing the HP MPIO Full Featured DSM for EVA	102
Microsoft Windows Cluster support	103
Microsoft Cluster Server for Windows 2003	103
Microsoft Cluster Server for Windows 2008	104
Setting up authentication	105
Restrictions	105
Microsoft initiator CHAP secret restrictions	106
Linux CHAP restrictions	106
ATTO Macintosh CHAP restrictions	106
Recommended CHAP policies	106
iSCSI session types	106
MPX200 CHAP modes	106
Enabling single-direction CHAP during discovery session and normal session	107
Enabling CHAP for the MPX200-discovered iSCSI initiator entry	108
Enabling CHAP for the Microsoft iSCSI initiator	108
Enabling CHAP for the open-iscsi iSCSI initiator	109
Enabling single-direction CHAP during discovery session and bidirectional CHAP during normal session	111
Enabling bidirectional CHAP during discovery session and single-direction CHAP during normal session	112
Enabling bidirectional CHAP during discovery session and bidirectional CHAP during normal session	115
6 MPX200 FCIP	117
MPX200 FCIP product description	117
Redundant FCIP network structure example	118
Using FCIP to encapsulate FC packets	118
FCIP Impact on existing iSCSI configurations	118
FCIP and iSCSI performance	120
MPX200 iSCSI/FCIP configurations	120
HP Continuous Access EVA 3–site configurations	125
3-site configuration with four MPX200 routers	126
3-site configuration with six MPX200 routers	126
3-site configuration with eight MPX200 routers	127
3-site configuration with six MPX200 routers and full inter-site connectivity	128
FCIP configuration rules and guidelines	129
General FCIP configuration rules	129
Operating system and multipath support	130
Storage system rules and guidelines	130
Fibre Channel switch and firmware support	130
FC switch requirements	131
IP network requirements	131
IP performance tuning	131
Distance	132
Bandwidth per route	132
Latency	132
MTU/Jumbo frames	132
Compression	133
TCP window size/scaling performance tuning	133
Modifying the window size and scaling factor	134
TCP window size and scaling factor recommendations	134
Configuring an FCIP route	137
Step 1. Verify your system requirements	137
Step 2. Pre-installation checklist	138
Step 3. Rack-mount the MPX200	138
Step 4. Install the SFPs	138
Step 5. Set the MPX200 management port parameters	139
Step 6. Configure the MPX200 FCIP Route parameters	140
Install FCIP license	140
Critical FCIP Performance settings	141
Configure the FCIP routes using the CLI	141
Step 7. Configure FC switch settings for the MPX200	142
Step 8. Cable the MPX200 FC, GE, and management ports	142
Step 9. Verify FCIP links and firmware version	143
7 MPX200 FCoE feature description	145
FCoE configurations	145
Setting up for FCoE connectivity	146
8 Diagnostics and troubleshooting	153
MPX200 chassis diagnostics	153
Input Power LED is extinguished	153
System Fault LED is illuminated	154
Fibre Channel Port LEDs	154
Power-on self-test (POST) diagnostics	154
Heartbeat LED blink patterns	154
Normal blink pattern	154
System error blink pattern	155
Management port IP address conflict blink pattern	155
Over-temperature blink pattern	155
Locating the MPX200 blade	155
MPX200 log data	156
MPX200 statistics	156
MPX200 ping command	157
Troubleshooting using HP Command View EVA	157
Issues and solutions	158
HP Command View EVA does not discover MPX200	158
Initiator cannot log in to MPX200 iSCSI target	158
Initiator logs in to MPX200 iSCSI target, but EVA-assigned LUNs do not appear on initiator	159
EVA-presented virtual disk not seen by initiator	159
Windows initiators may display Reconnecting if NIC MTU changes after connection has logged in	160
Communication between HP Command View EVA and MPX200 is down	161
HP Command View EVA issues and solutions	161
9 Support and other resources	163
Intended audience	163
Related documentation	163
Contacting HP	163
HP technical support	163
Subscription service	164
Product feedback	164
Documentation feedback	164
Related information	164
HP Websites	164
Typographical conventions	165
Rack stability	166
Product warranties	166
A Command reference	167
Command syntax	167
Command line completion	167
Authority requirements	167
Commands	168
Admin	168
Beacon	169
Blade	169
Clear	169
Date	170
Exit	170
Fciproute	171
FRU	173
Help	173
History	175
Image	175
Initiator	176
Logout	177
Lunmask	177
Passwd	179
Ping	179
Quit	180
Reboot	180
Reset	181
Save	181
Set	182
Set alias	183
Set CHAP	184
Set chassis	184
Set FC	185
Set features	186
Set iSCSI	186
Set iSNS	186
Set Mgmt	187
Set NTP	188
Set properties	188
Set SNMP	188
Set system	189
Set VPGroups	190
Show	191
Show CHAP	193
Show chassis	193
Show FC	194
Show fciproutes	194
Show features	195
Show initiators	195
Show initiators LUNmask	196
Show iSCSI	196
Show iSNS	197
Show logs	197
Show LUNinfo	198
Show LUNs	198
Show LUNmask	199
Show memory	199
Show mgmt	200
Show NTP	200
Show perf	201
Show presented targets	202
Show properties	203
Show SNMP	203
Show stats	204
Show system	206
Show targets	207
Show VPGroups	207
Shutdown	208
Target	208
Traceroute	209
B Command Line Interface usage	211
Logging on to an MPX200	211
Understanding the guest account	212
Working with MPX200 router configurations	213
Modifying a configuration	213
Saving and restoring router configurations	213
Restoring router configuration and persistent data	214
C Simple Network Management Protocol setup	215
SNMP parameters	215
SNMP trap configuration parameters	216
Management Information Base	216
Network port table	216
FC port table	218
Initiator object table	220
LUN table	222
VP group table	224
Sensor table	227
Notifications	228
System information objects	229
Notification objects	230
Agent startup notification	230
Agent shutdown notification	230
Network port down notification	230
FC port down notification	231
Target device discovery	231
Target presentation (mapping)	231
VP group notification	232
Sensor notification	232
Generic notification	233
D Log messages	235
E HP StorageWorks mpx100/mpx100b to MPX200 Upgrade	259
To upgrade from mpx100/mpx100b to the MPX200 Multifunction Router:	259
F Regulatory compliance and safety	261
Regulatory compliance notices	261
Federal Communications Commission notice for Class A equipment	261
Modifications	261
Cables	261
Regulatory compliance identification numbers	261
Laser device	261
Laser safety warning	262
Certification and classification information	262
Laser product label	262
International notices and statements	263
Canadian notice (avis Canadien)	263
Class A equipment	263
BSMI notice	263
Japanese notice	263
Korean notices	264
Safety notices	264
Battery replacement notice	264
Taiwan battery recycling notice	265
Power cords	265
Japanese power cord statement	265
Waste Electrical and Electronic Equipment directive	265
English notice	265
Dutch notice	266
Czechoslovakian notice	266
Estonian notice	266
Finnish notice	266
French notice	267
German notice	267
Greek notice	267
Hungarian notice	268
Italian notice	268
Latvian notice	268
Lithuanian notice	268
Polish notice	269
Portuguese notice	269
Slovakian notice	269
Slovenian notice	270
Spanish notice	270
Swedish notice	270
G Saving and restoring the MPX200 configuration	271
Saving the configuration using MPX200 CLI	271
Restoring the configuration using MPX200 CLI	272
Glossary	273

Match case Limit results 1 per page

Requirements

•

Operating system

: Windows Server 2008 Enterprise, SP2, R2, x86/x64

•

Firmware

: Minimum version

—

3.1.0.0, released November 2009

•

Initiator

•

Multiple NIC/iSCSI HBA ports

—

four recommended

•

one public

•

one private

•

two storage, for higher availability and performance

•

MPIO - use HP DSM or the Microsoft Generic DSM

•

HP recommends using the latest available

•

Connectivity

: Dual blade configuration for redundancy

Setting up authentication

CHAP is an authentication protocol used for secure login between the iSCSI initiator and iSCSI target.

CHAP uses a challenge-response security mechanism to verify the identity of an initiator without

revealing the secret password shared by the two entities. It is also referred to as a three-way handshake.

With CHAP, the initiator must prove to the target that it knows the shared secret without actually

revealing the secret.

NOTE:

Setting up authentication for your iSCSI devices is optional. If you require authentication, HP

recommends that you configure it after you have properly verified installation and operation of the

iSCSI implementation without authentication.

In a secure environment, authentication may not be required

—

access to targets is limited to trusted

initiators. In a less secure environment, the target cannot determine if a connection request is from a

certain host. In this case, the target can use CHAP to authenticate an initiator.

When an initiator contacts a target that uses CHAP, the target (called the

authenticator

) responds by

sending the initiator a challenge. The challenge consists of information that is unique to the

authentication session. The initiator encrypts this information using a previously issued password that

is shared by both the initiator and the target. The encrypted information is then returned to the target.

The target has the same password and uses it as a key to encrypt the information that it originally

sent to the initiator. The target compares its results with the encrypted results sent by the initiator; if

they are the same, the initiator is considered authentic. These steps are repeated throughout the

authentication session to verify that the correct initiator is still connected.

These schemes are called proof-of-possession protocols. The challenge requires that an entity prove

possession of a shared key or one of the key pairs in a public-key scheme.

See the following RFCs for detailed information about CHAP:

•

RFC 1994 (PPP Challenge Handshake Authentication Protocol, August 1996)

•

RFC 2433 (Microsoft PPP CHAP Extensions, October 1998)

•

RFC 2759 (Microsoft PPP CHAP Extensions version 2, January 2000)

Restrictions

The CHAP restrictions are:

MPX200 Multifunction Router User Guide

105