Manualshelf

Deployment Guide

ManualsBrandsDell ManualsConverged InfrastructurePowerVault MD3000i with Windows HA Clusters
51525354555657585960
Preparing Your Systems for Clustering 57
Target CHAP
In target CHAP, the storage array authenticates all requests for access issued
by the iSCSI initiator(s) on the host server through a CHAP secret. To set up
target CHAP authentication, you enter a CHAP secret on the storage array,
then configure each iSCSI initiator on the host server to send that secret each
time it attempts to access the storage array.
Mutual CHAP
In addition to setting up target CHAP, you can set up mutual CHAP in which
both the storage array and the iSCSI initiator authenticate each other. To set
up mutual CHAP, configure the iSCSI initiator with a CHAP secret that the
storage array must send to the host sever in order to establish a connection.
In this two-way authentication process, both the host server and the storage
array send information that the other must validate before a connection is
allowed.
CHAP is an optional feature and is not required to use iSCSI. However, if you
do not configure CHAP authentication, any host server connected to the same
IP network as the storage array can read from and write to the storage array.
NOTE: If you elect to use CHAP authentication, you must configure it on both the
storage array (using MD Storage Manager) and the host server (using the iSCSI
initiator) before preparing virtual disks to receive data. If you prepare disks to
receive data before you configure CHAP authentication, you will lose visibility to
the disks after CHAP is configured.
CHAP Definitions
To summarize the differences between target CHAP and mutual CHAP
authentication, see Table 3-4.
Table 3-4. CHAP Types Defined
CHAP Type Description
Target CHAP Sets up accounts that iSCSI initiators use to connect to the
target storage array. The target storage array then authenticates
the iSCSI initiator.
Mutual CHAP Applied in addition to target CHAP. Mutual CHAP sets up an
account that a target storage array uses to connect to an iSCSI
initiator. The iSCSI initiator then authenticates the target.
book.book Page 57 Tuesday, April 15, 2008 12:30 PM