Target CHAP
In target CHAP, the storage array authenticates all requests for access issued by the iSCSI initiator(s) on the host server
using a CHAP secret. To set up target CHAP authentication, you must enter a CHAP secret on the storage array, then
configure each iSCSI initiator on the host server to send that secret each time it attempts to access the storage array.
Mutual CHAP
In addition to setting up target CHAP, you can set up mutual CHAP in which both the storage array and the iSCSI initiator
authenticate each other. To set up mutual CHAP, configure the iSCSI initiator with a CHAP secret that the storage array
must send to the host sever in order to establish a connection. In this two-way authentication process, both the host
server and the storage array send information that the other must validate before a connection is allowed.
CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP authentication, any
host server connected to the same IP network as the storage array can read from and write to the storage array.
NOTE: When using CHAP authentication, you should configure it on both the storage array (using MD Storage
Manager) and the host server (using the iSCSI initiator) before preparing virtual disks to receive data. If you
prepare disks to receive data before you configure CHAP authentication, you lose visibility to the disks once CHAP
is configured.
CHAP Definitions
To summarize the differences between target CHAP and mutual CHAP authentication, see the following table.
CHAP Type
Description
Target CHAP
Sets up accounts that iSCSI initiators use to connect to
the target storage array. The target storage array then
authenticates the iSCSI initiator.
Mutual CHAP
Applied in addition to target CHAP, mutual CHAP sets up
an account that a target storage array uses to connect to
an iSCSI initiator. The iSCSI initiator then authenticates
the target.
Step 5: Configure CHAP Authentication On The Storage Array
(Optional)
If you are not configuring any type of CHAP, skip these steps and go to
Step 7: Connect To The Target Storage Array
NOTE: If you choose to configure mutual CHAP authentication, you must first configure target CHAP.
In terms of iSCSI configuration, the term Target always refers to the storage array.
Configuring Target CHAP Authentication On The Storage Array
1.
From MD Storage Manager, click the iSCSI tab and then click Change Target Authentication.
Select one of the CHAP settings described in the following table.
38
Содержание PowerVault MD3260i Series
Страница 1: ...Dell PowerVault MD3260i Series Storage Arrays Deployment Guide ...
Страница 6: ...6 ...
Страница 13: ...Figure 3 Four Cluster Nodes Connected to Two Controllers 13 ...
Страница 15: ...Figure 4 64 Servers Connected to Two Controllers 15 ...
Страница 18: ...18 ...
Страница 22: ...22 ...
Страница 30: ...30 ...
Страница 46: ...46 ...
Страница 50: ...50 ...
Страница 52: ...52 ...