iSCSI technologies in HP ProLiant servers using advanced network adapters, 2nd edition
5
describes two encryption modes: transport and tunnel. Transport mode encrypts only the data portion
(payload) of each packet and leaves the header untouched. Tunnel mode, on the other hand, encrypts
both the header and the payload for increased security.
Authentication
iSCSI has provisions for servers and storage devices to prove their identities to each other. It uses the
Challenge Handshake Authentication Protocol with Diffie-Hellman key protocol (DH CHAP). IPSEC can
provide further protection with per-packet authentication.
FlexFabric Adapters with full iSCSI offload.
The FlexFabric Adapters give you up to four Flex-10 physical function connections with adjustable
bandwidth control. FlexFabric also provides either offloaded iSCSI or offloaded Fiber Channel over
Ethernet (FCoE) functionality for one of the four connections. The iSCSI functionality is fully offloaded
and represents an advance over the accelerated iSCSI available on multifunction network adapters.
Accelerated iSCSI with full offload executes the entire iSCSI stack on the FlexFabric adapter instead of
the host server. This lets the FlexFabric adapter present a PCI storage function to the host operating
system, eliminating the need for virtual bus driver software (Figure 3). Additional iSCSI functionality,
including iSCSI boot management, is also performed on the adapter. This new architecture delivers
several advantages:
Simplifies device driver design, improving reliability and stability
Provides the lowest host CPU utilization and highest iSCSI performance
Allows iSCSI boot configuration for a group of HP BladeSystem servers to be managed over the
network without running separate utilities on each host server