Datasheet
8068ch12-Host Config.fm Draft Document for Review January 29, 2013 12:52 pm
492 IBM Flex System V7000 Storage Node Introduction and Implementation Guide
LUN was mapped the ‘Auto Configure’ box was clicked from the ‘Volumes and Devices’ tab as
shown in Figure 12-29
Figure 12-29 Single device identified in tab.
This completes the verification of the iSCSI setup.
iSCSI authentication
Authentication of the host server from the IBM Flex System V7000 Storage Node system is
optional and is disabled by default.
The user can choose to enable Challenge Handshake Authentication Protocol (CHAP)
authentication, which involves sharing a CHAP secret between the IBM Flex System V7000
Storage Node system and the host.
The IBM Flex System V7000 Storage Node as authenticator sends a challenge message to
the specific server (peer). The server responds with a value that is checked by the IBM Flex
System V7000 Storage Node. If there is a match, the IBM Flex System V7000 Storage Node
acknowledges the authentication. If not, the IBM Flex System V7000 Storage Node will
terminate the connection and will not allow any I/O to volumes.
A CHAP secret can be assigned to each IBM Flex System V7000 Storage Node host object.
The host must then use CHAP authentication to begin a communications session with a node
in the system. A CHAP secret can also be assigned to the system.
Because iSCSI can be used in networks where data security is a concern, the specification
allows for separate security methods. You can set up security, for example, through a method
such as IPSec, which is transparent for higher levels such as iSCSI because it is implemented
at the IP level. Details regarding securing iSCSI can be found in RFC3723,
Securing Block
Storage Protocols over IP
, which is available at this website:
http://tools.ietf.org/html/rfc3723