Users Guide
36 Configuring Secured iSCSI Connections Using CHAP
CHAP vs IPSec
CHAP authenticates the peer of a connection and is based upon the peers 
sharing a secret (a security key that is similar to a password). IP Security 
(IPSec) is a protocol that enforces authentication and data encryption at the 
IP packet layer and provides an additional level of security.
One-Way CHAP Authentication
In one-way CHAP authentication, only the iSCSI Target authenticates the 
Initiator. The secret is set only for the Target and all Initiators that are 
accessing the Target must use the same secret to start a logon session with the 
Target. To set one-way CHAP authentication, configure the settings 
described in the following sections on Target and Initiator.
iSCSI Target Settings
Before you configure the settings described in this section, ensure that a few 
iSCSI Targets and Virtual Disks are already created and that the Virtual Disks 
are assigned to the Targets.
1. On an iSCSI Target, go to PowerVault NAS Management Console → 
   Microsoft iSCSI Software Target → iSCSI Targets → <Target name> and 
   either right-click and select Properties or go to Actions pane → More 
   Actions → Properties.
   The <Target Name> Properties window appears, where Target Name is 
   the name of the iSCSI Target that you are configuring iSCSI settings for.
2. In the Authentication tab, select the check box for Enable CHAP and 
   type the user name (IQN name of the Initiator). You can enter the IQN 
   manually or use the Browse option to select the IQN from a list.
3. Enter the Secret, re-enter the same value in Confirm Secret, and click OK. 
   The secret must include 12 to 16 characters.
NOTE: If you are not using IPSec, both Initiator and Target CHAP secrets 
should be greater than or equal to 12 bytes and less than or equal to 16 bytes. 
If you are using IPSec, the Initiator and Target secrets must be greater than 
1 byte and less than or equal to 16 bytes.
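The following sketch is an added example, not part of this guide or of the Microsoft iSCSI Software Target. It checks a secret against the byte limits in the NOTE above and then walks through a one-way CHAP exchange using the MD5 response defined in RFC 1994. The function names, the sample secrets and the use of UTF-8 to count bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def check_secret(secret: str, using_ipsec: bool) -> int:
    """Return the secret's length in bytes; raise ValueError if outside the NOTE's limits."""
    # Assumption: the secret is encoded as UTF-8. The limits are stated in
    # bytes, so a non-ASCII character can count as more than one.
    n = len(secret.encode("utf-8"))
    ok = (1 < n <= 16) if using_ipsec else (12 <= n <= 16)
    if not ok:
        rule = "more than 1 and at most 16" if using_ipsec else "12 to 16"
        raise ValueError(f"secret is {n} bytes; must be {rule} bytes")
    return n


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def target_verifies(identifier: int, challenge: bytes,
                    response: bytes, stored_secret: bytes) -> bool:
    """Target side: recompute the response from the stored secret and compare."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def one_way_login(initiator_secret: str, target_secret: str) -> bool:
    """One-way CHAP: only the Target challenges; the secret never crosses the wire."""
    check_secret(target_secret, using_ipsec=False)
    identifier = os.urandom(1)[0]   # fresh identifier for each challenge
    challenge = os.urandom(16)      # random challenge sent by the Target
    response = chap_response(identifier, initiator_secret.encode("utf-8"), challenge)
    return target_verifies(identifier, challenge, response,
                           target_secret.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample secrets, not values from the guide.
    print(one_way_login("constructed-key1", "constructed-key1"))  # matching secrets
    print(one_way_login("constructed-key2", "constructed-key1"))  # mismatched secrets
```

Because the limits are in bytes, a secret that shows 16 characters in the Properties window can still be over the limit if it contains non-ASCII characters.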










