Hardware manual

ManualsBrandsDell ManualsComputer equipment6 series

100

Group Administration iSCSI target security

8–7

• If an initiator is connected to the volume, the group compares the IQN of the current connection to the IQN of

the incoming connection. If the IQNs are not the same, access is denied. If the IQNs are the same, the group

uses access control records to determine whether to authorize access.

However, some environment might need multi-host access to a tar

get. You can enable multi-host access to a target

if you meet one of the following conditions:

• Your cluster environment gives the initiators on

each cluster computer a different IQN, and the environment

can manage multiple connections to a target. For example, the environment uses a Distributed Lock Manager

or SCSI reservations.

• Your multipathing solution does not use

the same IQN on

all initiators, and you cannot modify the names to be

the same.

• You use an environment, such as a virtual server,

that can manage multiple connections to the same iSCSI

target (for example, through SCSI reservations).

• Initiators on a single computer do not use the same IQN.

In all ca

ses, use access control records as the primary method of prote

cting iSCSI targets in a group.

You can enable or disable multi-host access when creating a volume. Y

ou can also modify a volume or snapshot

and enable or disable multi-host access.

Connecting initiators to iSCSI targets

To access iSCSI targets (volumes and snapshots) in a PS Series group, you must install an industry-standard iSCSI

initiator on a computer.

Both hardware and software iSCSI initiators are available

from a variety of vendors. Install and configure an

initiator using the vendor-supplied instructions. See your

PS Series support provider for information re

lated to your iSCSI initiator. Also, read the PS Series Release Notes

for initiator information.

Note: Access to iSCSI targets is through TCP/IP port

3260 (the standard iSCSI port).

See your initiator documentation for the exact procedure for logging in to an

iSCSI target.

The general login overview is:

1. Specify the group IP address as the discovery

address or target portal in the iSCSI initiator configuration

interface. If you are using iSNS, the initiator automatically discovers targets from the iSNS server that you

configured in the group.

The initiator displays a list of iSCSI targets from the group.

2. Log in to a target. The initiator must match at least one of the tar

get’s access control records.

As part of the login procedure, you might need to enter a CHAP

user name and password (secret) and target

authentication credentials. See About iSCSI target access controls.

After the initiator logs in to the iSCSI targ

et, the computer sees the target as a disk that you can format using the

usual operating system utilities. You can then partition the disk and create a file system.