background image

Target CHAP

In target CHAP, the storage array authenticates all requests for access issued by the iSCSI initiator(s) on the host server 
using a CHAP secret. To set up target CHAP authentication, you must enter a CHAP secret on the storage array, then 
configure each iSCSI initiator on the host server to send that secret each time it attempts to access the storage array.

Mutual CHAP

In addition to setting up target CHAP, you can set up mutual CHAP in which both the storage array and the iSCSI initiator 
authenticate each other. To set up mutual CHAP, configure the iSCSI initiator with a CHAP secret that the storage array 
must send to the host sever in order to establish a connection. In this two-way authentication process, both the host 
server and the storage array send information that the other must validate before a connection is allowed.
CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP authentication, any 
host server connected to the same IP network as the storage array can read from and write to the storage array.

NOTE: When using CHAP authentication, you should configure it on both the storage array (using MD Storage 
Manager) and the host server (using the iSCSI initiator) before preparing virtual disks to receive data. If you 
prepare disks to receive data before you configure CHAP authentication, you lose visibility to the disks once CHAP 
is configured.

CHAP Definitions

To summarize the differences between target CHAP and mutual CHAP authentication, see the following table.

CHAP Type

Description

Target CHAP

Sets up accounts that iSCSI initiators use to connect to 

the target storage array. The target storage array then 

authenticates the iSCSI initiator.

Mutual CHAP

Applied in addition to target CHAP, mutual CHAP sets up 

an account that a target storage array uses to connect to 

an iSCSI initiator. The iSCSI initiator then authenticates 

the target.

Step 5: Configure CHAP Authentication On The Storage Array 

(Optional)

If you are not configuring any type of CHAP, skip these steps and go to 

Step 7: Connect To The Target Storage Array 

From The Host Server

.

NOTE: If you choose to configure mutual CHAP authentication, you must first configure target CHAP.

In terms of iSCSI configuration, the term Target always refers to the storage array.

Configuring Target CHAP Authentication On The Storage Array

1.

From MD Storage Manager, click the iSCSI tab and then click Change Target Authentication.
Select one of the CHAP settings described in the following table.

38

Содержание PowerVault MD3260i Series

Страница 1: ...Dell PowerVault MD3260i Series Storage Arrays Deployment Guide ...

Страница 2: ... Sempron are trademarks of Advanced Micro Devices Inc Microsoft Windows Windows Server Internet Explorer MS DOS Windows Vista and Active Directory are either trademarks or registered trademarks of Microsoft Corporation in the United States and or other countries Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat Inc in the United States and or other countries Novell and SUSE...

Страница 3: ...xpanding With New PowerVault MD3060e Expansion Enclosures 17 3 Installing MD Storage Manager 19 Modular Disk Configuration Utility 19 Graphical Installation Recommended 20 Console Installation 20 Silent Installation 21 Silent Installation On Windows 21 Silent Installation On Linux 21 Enabling Premium Features Optional 21 Upgrading PowerVault MD Storage Manager 21 4 Post Installation Tasks 23 Befor...

Страница 4: ...rray 34 Step 2 Configure The iSCSI Ports On The Storage Array 35 Step 3 Perform Target Discovery From The iSCSI Initiator 35 For Windows Server 2003 Or Windows Server 2008 GUI Version 36 For Windows Server 2008 Core Version 36 For Red Hat Enterprise Linux 5 Or 6 SUSE Linux Enterprise Server 10 Or 11 36 Step 4 Configure Host Access 37 Understanding CHAP Authentication 37 What Is CHAP 37 Target CHAP...

Страница 5: ...nd Robin With Subset 47 Least Queue Depth With Subset 47 Changing Load Balance Policies In Windows Sever 2008 47 Changing The Load Balance Policy Using Windows Server 2008 Device Manager Options 47 Changing The Load Balance Policy Using The Windows Server 2008 Disk Management Options 48 Increasing Bandwidth With Multiple iSCSI Sessions 48 10 Appendix Stopping And Starting iSCSI Services In Linux 5...

Страница 6: ...6 ...

Страница 7: ...led and minimum system requirements are met For more information see the Support Matrix at support dell com manuals Management Station Requirements A management station uses MD Storage Manager to configure and manage storage arrays across the network A management station must meet the following minimum system requirements Intel Pentium or an equivalent processor 1333 MHz or faster with 512 MB RAM ...

Страница 8: ...age Manager you can configure the physical disks in the storage array into logical components called disk groups and then divide the disk groups into virtual disks Disk groups are created in the unconfigured capacity of a storage array Virtual disks are created in the free capacity of a disk group Unconfigured capacity comprises physical disks not already assigned to a disk group When a virtual di...

Страница 9: ...ntory a second for financial and tax information and a third for customer information Decide whether to allow space for hot spares which automatically replace failed physical disks Connecting The Storage Array The storage array is connected to a host using two hot swappable RAID controller modules The RAID controller modules are identified as RAID controller module 0 and RAID controller module 1 E...

Страница 10: ...e array Redundancy is established by installing separate data paths between the host and the storage array in which each path is to one of the two RAID controller modules installed in the storage array Redundancy protects the host from losing access to data in the event of path failure because both RAID controller modules can access all the disks in the storage array Direct Attached Configurations...

Страница 11: ...AID controller modules If the host server has a second Ethernet connection to the array it can be attached to the iSCSI ports on the array s second controller This configuration provides improved availability by allowing two separate physical paths for each host which ensures full redundancy if one of the paths fail 11 ...

Страница 12: ...In the following figure up to four cluster nodes are directly attached to two RAID controller modules Since each cluster node has redundant paths loss of a single path would still allow access to the to the storage array through the alternate path 12 ...

Страница 13: ...Figure 3 Four Cluster Nodes Connected to Two Controllers 13 ...

Страница 14: ... an IP SAN the PowerVault MD3260i Series storage array can support up to 64 hosts simultaneously This configuration supports single path data configurations The following figure shows up to 64 stand alone servers attached using multiple sessions to a RAID controller module through a network Hosts that have a second Ethernet connection to the network allow two separate physical paths for each host ...

Страница 15: ...Figure 4 64 Servers Connected to Two Controllers 15 ...

Страница 16: ... 1 Back up all data on the expansion enclosure s 2 Upgrade the expansion enclosure firmware to the latest version available at support dell com while the enclosure is still attached to the PERC H800 controller Windows systems users can reference the DUP exe package and Linux kernel users can reference the DUP bin package 3 Ensure that the storage array software is installed and up to date before a...

Страница 17: ...are from the Enterprise Management Window EMW 5 Stop all I O to the storage array and turn off affected host systems attached to the storage array 6 Turn off the storage array 7 Turn off any expansion enclosure s in the affected system 8 Cable the expansion enclosure s to the storage array 9 Turn on the expansion enclosure s and wait for the enclosure status LED to turn blue 10 Turn on the storage...

Страница 18: ...18 ...

Страница 19: ...lume Shadow Copy Service VSS framework NOTE For more information about the Microsoft VDS and Microsoft VSS providers see the Administrator s Guide at support dell com manuals NOTE To install the software on a Windows or Linux system you must have administrative or root privileges NOTE If Dynamic Host Configuration Protocol DHCP is not used initial configuration of the management station must be pe...

Страница 20: ...model s you are setting up to serve as data storage for this host server 6 Choose whether to start the event monitor service automatically when the host server reboots or manually NOTE This option is applicable only to Windows client software installation 7 Confirm the installation location and click Install 8 If prompted reboot the host server after the installation completes 9 Start MD Storage M...

Страница 21: ...he root directory to install prerequisite packages md_prereq_install sht 1 Copy the custom_silent properties file in the windows folder of the installation media or image to a writable location on the host server 2 Modify the custom_silent properties file to reflect the features models and installation options to be used Then save the file 3 After the custom_silent properties file is revised run t...

Страница 22: ...22 ...

Страница 23: ... to complete the process more efficiently iSCSI Configuration Terminology Term Definition CHAP Challenge Handshake Authentication Protocol Access to an iSCSI storage system by restricting use of the iSCSI data ports on both the host server and storage array For more information on the types of CHAP authentication supported see Understanding CHAP Authentication Host or host server A server connecte...

Страница 24: ...ptional Configure CHAP authentication on the storage array 6 Optional Configure CHAP authentication on the host server 7 Connect to the storage array from the host server 8 Optional Set up in band management NOTE It is recommended that you use the PowerVault Modular Disk Configuration Utility MDCU for iSCSI configuration The PowerVault MDCU wizards guides you through the configuration steps descri...

Страница 25: ...ess the storage arrays Depending on your network configuration your host may be the same machine you use to manage your storage arrays or it may be on a completely separate network The option to configure a host is disabled if the machine the utility is running on does not have an iSCSI initiator or the required driver components installed When the option is disabled the utility also displays an i...

Страница 26: ...ate to the opt dell mdstoragesoftware mdconfigurationutility directory in a terminal window and run PowerVault MDCU The MDCU automatically discovers all the available storage arrays 2 In the Discover MD Arrays window select the iSCSI storage array you want to configure 3 In the Selected Array window review current port and session information 4 Click Config Wizard to start the iSCSI configuration ...

Страница 27: ... iSCSI ports Using A DHCP server If you are using a DHCP server 1 In the Control Panel select Network connections or Network and Sharing Center and then click Manage network connections 2 Right click the network connection you want to configure and select Properties 3 On the General tab for a local area connection or the Networking tab for all other connections select Internet Protocol TCP IP and ...

Страница 28: ...onnection or the Networking tab for all other connections select Internet Protocol TCP IP and then click Properties 4 Select Advanced WINS tab and click Add 5 In the TCP IP WINS server window type the IP address of the WINS server and click Add 6 To enable use of the Lmhosts file to resolve remote NetBIOS names select Enable LMHOSTS lookup 7 To specify the location of the file that you want to imp...

Страница 29: ... If you are using a static IP address root users only 1 Edit the etc sysconfig network file as follows NETWORKING yes HOSTNAME mymachine mycompany com GATEWAY 255 255 255 0Ž 2 Edit the configuration file for the connection you want to configure either etc sysconfig network scripts ifcfg ethX for Red Hat Enterprise Linux or etc sysconfig network ifcfg eth id XX XX XX XX XX for SUSE Enterprise Linux...

Страница 30: ...30 ...

Страница 31: ...indows Server 2008 GUI versions 1 Double click Programs and Features from the Control Panel 2 Select MD Storage Software from the list of programs 3 Click Uninstall Change The Uninstall Complete window is displayed 4 Follow the instructions on screen 5 Select Yes to restart the system then click Done Uninstall MD Storage Manager From Windows Server 2008 Core Versions To uninstall PowerVault Modula...

Страница 32: ...ginning the uninstallation procedure 1 From the installation directory open the Uninstall Dell MD Storage Software directory 2 Run the file Uninstall Dell MD Storage Software exe 3 From the Uninstall window click Next and follow the instructions on the screen While the software is uninstalling the Uninstall window is displayed When the uninstall procedure is complete the Uninstall Complete window ...

Страница 33: ...gement Port Settings By default the storage array management ports are set to Dynamic Host Configuration Protocol DHCP If the controllers on your storage array are unable to get IP configuration from a DHCP server it times out after 10 seconds and falls back to a default static IP address The default IP configuration is Controller 0 IP 192 168 128 101 Subnet Mask 255 255 255 0 Controller 1 IP 192 ...

Страница 34: ...s icons on the Summary tab to ensure that the enclosures in the storage array are in an Optimal status For more information on the status icons see the Administrator s Guide at support dell com manuals 1 When discovery is complete the name of the first storage array found is displayed under the Summary tab in MD Storage Manager 2 The default name for the newly discovered storage array is Unnamed I...

Страница 35: ...king the Advanced button Virtual LAN VLAN support A VLAN is a network of different systems that behave as if they are connected to the same segments of a local area network LAN and are supported by the same switches and routers When configured as a VLAN a device can be moved to another location without being reconfigured To use VLAN on your storage array obtain the VLAN ID from your network admini...

Страница 36: ... Discovery tab click OK If you plan to configure CHAP authentication do not perform discovery on more than one iSCSI port at this point Go to Step 4 Configure Host Access If you do not plan to configure CHAP authentication repeat step 1 thorough step 6 for all iSCSI ports on the storage array For Windows Server 2008 Core Version 1 Set the iSCSI initiator service to start automatically sc server_na...

Страница 37: ...e following command iscsiadm m node T initiator_username p target_ip u Step 4 Configure Host Access This step specifies which host servers access virtual disks on the storage array You should perform this step Before mapping virtual disks to host servers Any time you connect new host servers to the storage array 1 Launch MD Storage Manager 2 Navigate to the AMW and click Manually define hosts 3 At...

Страница 38: ...ray using MD Storage Manager and the host server using the iSCSI initiator before preparing virtual disks to receive data If you prepare disks to receive data before you configure CHAP authentication you lose visibility to the disks once CHAP is configured CHAP Definitions To summarize the differences between target CHAP and mutual CHAP authentication see the following table CHAP Type Description ...

Страница 39: ...st server that connects to the storage array and must not be the same as the target CHAP secret Change the initiator authentication settings in the Change Target Authentication window Use these options to change the settings None Select None if you permit no initiator authentication If you select None any initiator can access this target Use this option only if you do not require secure data Howev...

Страница 40: ...nfigured select this option NOTE IPSec is not supported 8 Click OK If you require a discovery session failover repeat step 5 and step 6 in this step for all iSCSI ports on the storage array Otherwise single host port configuration is sufficient NOTE If the connection fails ensure that all IP addresses are entered correctly Mistyped IP addresses result in connection problems For Windows Server 2008...

Страница 41: ...the following lines discovery sendtargets auth username iscsi_target_username discovery sendtargets auth password_in CHAP_target_password 7 The final configuration contained in the etc iscsi iscsid conf file may look like this node session auth authmethod CHAP node session auth username iqn 2005 03 com redhat01 78b1b8cad821 node session auth password password_1 node session auth username_in iqn 19...

Страница 42: ...s option and enter the Target secret Perform mutual authentication If mutual CHAP authentication is configured select this option NOTE IPSec is not supported 7 Click OK To support storage array controller failover the host server must be connected to at least one iSCSI port on each controller Repeat step 3 through step 8 for each iSCSI port on the storage array that you want to establish as failov...

Страница 43: ...m dell powervault 6001372000ffe3332xx0000046 72edf2 3260 T 192 168 130 101 0x2 0 To view active sessions to the target run the following command iscsicli SessionList To support storage array controller failover the host server must be connected to at least one iSCSI port on each controller Repeat step 3 for each iSCSI port on the storage array that you want to establish as a failover target The Ta...

Страница 44: ...192 168 133 101 Controller 1 Port 0 IP 192 168 130 102 Controller 1 Port 1 IP 192 168 131 102 Controller 1 Port 0 IP 192 168 132 102 Controller 1 Port 1 IP 192 168 133 102 NOTE The management station you are using must be configured for network communication to the same IP subnet as the PowerVault MD3260i host ports 1 Establish an iSCSI session to the PowerVault MD3260i RAID storage array 2 Restar...

Страница 45: ...I environments eliminates the need to manually configure each individual storage array with a specific list of initiators and target IP addresses Instead iSNS automatically discovers manages and configures all iSCSI devices in your environment For more information on iSNS including installation and configuration see microsoft com 45 ...

Страница 46: ...46 ...

Страница 47: ...y Paths to the secondary RAID controller module are ignored until ownership changes The basic assumption for the round robin policy is that the data paths are equal With mixed host support the data paths may have different bandwidths or different data transfer speeds Least Queue Depth With Subset The least queue depth with subset policy is also known as the least I Os or least requests policy This...

Страница 48: ...h With Multiple iSCSI Sessions The PowerVault MD3260i Series storage array in a duplex configuration supports two active active asymmetric redundant controllers Each controller has four 1 Gbps Ethernet ports that support iSCSI The bandwidth of the four ports on the same controller can be aggregated to provide optimal performance A host can be configured to simultaneously use the bandwidth of both ...

Страница 49: ...per port for a total of four sessions The multi path failover driver balances I O access across the sessions to the ports on the same controller In a duplex configuration with virtual disks on each controller creating sessions using each of the iSCSI data ports of both controllers increases bandwidth and provides load balancing 49 ...

Страница 50: ...50 ...

Страница 51: ...p the iSCSI services in Linux certain steps must be followed to maintain parallel processing between the storage array and the host server 1 Stop all I O 2 Unmount all correlated file systems 3 Stop iSCSI service by running the following command etc init d open iscsi stop 51 ...

Страница 52: ...52 ...

Страница 53: ...__ ___ ___ ___ ___ ___ ___ iSCSI port 3 ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ iSCSI port 4 ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ Management port ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ Management port ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ Static IP address host server Subnet A must be different for each NIC Default gateway iSCSI port 0 In 0 ___ ___ ___ ___ ___...

Страница 54: ... ___ Management port cntrl 0 ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ iSCSI port 1 In 0 ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ iSCSI port 1 In 1 ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ iSCSI port 1 In 2 ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ iSCSI port 1 In 3 ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ Management port cntrl 1 ___ ___ ___ ___ ___ ___ ___ ___ ___...

Страница 55: ...address ___ ___ ___ ___ Routable IP address ___ ___ ___ ___ Routable IP address ___ ___ ___ ___ Subnet prefix ___ ___ ___ ___ Subnet prefix ___ ___ ___ ___ Gateway ___ ___ ___ ___ Gateway ___ ___ ___ ___ iSCSI controller 0 In 0 IP address FE80 0000 0000 0000 ____ ____ ____ ____ Routable IP address 1 ____ ____ ____ ____ ____ ____ ____ ____ Routable IP address 2 ____ ____ ____ ____ ____ ____ ____ __...

Страница 56: ...___ ____ Routable IP address 2 ____ ____ ____ ____ ____ ____ ____ ____ Router IP address ____ ____ ____ ____ ____ ____ ____ ____ iSCSI controller 1 In 0 IP address FE80 0000 0000 0000 ____ ____ ____ ____ Routable IP address 1 ____ ____ ____ ____ ____ ____ ____ ____ Routable IP address 2 ____ ____ ____ ____ ____ ____ ____ ____ Router IP address ____ ____ ____ ____ ____ ____ ____ ____ iSCSI controll...

Страница 57: ...dress FE80 0000 0000 0000 ____ ____ ____ ____ Routable IP address 1 ____ ____ ____ ____ ____ ____ ____ ____ Routable IP address 2 ____ ____ ____ ____ ____ ____ ____ ____ Router IP address ____ ____ ____ ____ ____ ____ ____ ____ 57 ...

Отзывы: