Hardware manual
Group Administration iSCSI target security
8–4
5. If you have not already configured the group to use a RADIUS server, click RADIUS settings and add at
least one RADIUS server. See the procedure in Using RADIUS authentication and accounting servers on page
4-9 for adding RADIUS servers.
6. Click Save all changes.
After creating the CHAP account, create an access control record for a volume and specify the CHAP user name in
the record. See Configuring access control records.
Table 8-2: iSCSI Authentication Panel – RADIUS Authentication Fields
| Field | Description | Shortcut | User Action |
|---|---|---|---|
| Enable RADIUS authentication for iSCSI initiators | Enables RADIUS authentication for iSCSI initiators. | Alt+E | None |
| Consult locally defined CHAP accounts first | Consults locally defined CHAP accounts before using RADIUS authentication. | Alt+C | Creating a local CHAP account on page 8-2 |
| RADIUS settings | Launches the RADIUS settings dialog, which specifies RADIUS authentication and accounting servers. | Alt+D | Modifying RADIUS server settings on page 4-10 |
If you want to enable target authentication (for mutual authentication), see Configuring target authentication on
page 8-4.
Configuring target authentication
If you configure initiator authentication through a local CHAP account or a CHAP account on a RADIUS
authentication server, you can also allow the iSCSI initiator to authenticate iSCSI targets in a PS Series group. The
combination of initiator and target authentication is called mutual authentication and provides additional security.
With target authentication, when the initiator tries to connect to a target, the target supplies a user name and
password to the initiator. The initiator compares the user name and password to mutual authentication credentials
that you configure in the initiator configuration interface. The iSCSI connection succeeds only if the information
matches.
A group automatically enables target authentication using a default user name and password, which you can
change. Whether the initiator requires target authentication depends on the initiator configuration settings.
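The mutual authentication exchange described above, as an added example that is not part of the manual or of the PS Series firmware. It assumes CHAP with MD5 as defined in RFC 1994 and carried in the iSCSI login (CHAP_I, CHAP_C, CHAP_N, CHAP_R); on the wire, each side sends its name and a hash response rather than the password itself. All names and secrets are constructed, and the `reflect` parameter is a hypothetical switch that simulates an initiator echoing the target's challenge.

```python
import hashlib
import hmac
import os

def chap_response(ident, secret, challenge):
    # RFC 1994, MD5 algorithm: hash of identifier byte, shared secret, challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def check(ident, secret, challenge, response):
    # Constant-time comparison of the expected and received responses.
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def mutual_chap(initiator, target, reflect=False):
    """Run one login. `initiator` and `target` are dicts of constructed settings."""
    # 1. Target challenges the initiator (CHAP_I, CHAP_C).
    t_id, t_chal = 1, os.urandom(16)
    # 2. Initiator answers (CHAP_N, CHAP_R) and sends its own challenge.
    i_name = initiator["user"]
    i_resp = chap_response(t_id, initiator["secret"], t_chal)
    i_id, i_chal = 2, (t_chal if reflect else os.urandom(16))
    # 3. Target looks up the CHAP account and verifies the response.
    account_secret = target["chap_accounts"].get(i_name)
    if account_secret is None or not check(t_id, account_secret, t_chal, i_resp):
        return "initiator rejected"
    # A challenge echoed back must be refused (reflection rule in the iSCSI RFCs).
    if hmac.compare_digest(i_chal, t_chal):
        return "reflected challenge"
    # 4. Target proves itself with its target authentication credentials.
    t_name = target["target_user"]
    t_resp = chap_response(i_id, target["target_secret"], i_chal)
    # 5. Initiator compares against its configured mutual credentials.
    if t_name != initiator["mutual_user"] or not check(
            i_id, initiator["mutual_secret"], i_chal, t_resp):
        return "target rejected"
    return "connected"

# Constructed sample settings, not values from the manual.
TARGET = {"chap_accounts": {"host1": b"initiator-secret-01"},
          "target_user": "group-target", "target_secret": b"target-secret-0002"}
INITIATOR = {"user": "host1", "secret": b"initiator-secret-01",
             "mutual_user": "group-target", "mutual_secret": b"target-secret-0002"}

if __name__ == "__main__":
    print(mutual_chap(INITIATOR, TARGET))                  # connected
    stale = dict(INITIATOR, mutual_secret=b"stale-secret-000000")
    print(mutual_chap(stale, TARGET))                      # target rejected
```

The second call shows what happens when the target authentication password is changed on the group but not updated in the initiator configuration: the initiator refuses the connection.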
To display the current target authentication user name and password, click Group, then Group Configuration,
and then the iSCSI tab. The Group Configuration – iSCSI window appears. See the online help for information
about the data fields and options.
To change the target authentication user name or password:
1. Click Modify and change the user name or password.
2. Enter the target authentication user name and password from Step 2 in
the iSCSI initiator configuration
interface, where you enable mutual authentication.
About iSNS servers
In a shared storage environment, you must control computer access to iSCSI targets (volumes and snapshots),
because multiple computers writing to a target in an uncoordinated manner might result in volume corruption.