Filter
Top Products
62 Appendix—Manual Configuration of iSCSI
Understanding CHAP Authentication
What is CHAP?
Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSI
authentication method where the storage array (target) authenticates iSCSI
initiators on the host server. Two types of CHAP are supported:
•Target CHAP
•Mutual CHAP
Target CHAP
In target CHAP, the storage array authenticates all requests for access issued
by the iSCSI initiator(s) on the host server using a CHAP secret. To set up
target CHAP authentication, you must enter a CHAP secret on the storage
array, then configure each iSCSI initiator on the host server to send that
secret each time it attempts to access the storage array.
Mutual CHAP
In addition to setting up target CHAP, you can set up mutual CHAP in which
both the storage array and the iSCSI initiator authenticate each other. To set up
mutual CHAP, configure the iSCSI initiator with a CHAP secret that the
storage array must send to the host sever in order to establish a connection. In
this two-way authentication process, both the host server and the storage array
send information that the other must validate before a connection is allowed.
CHAP is an optional feature and is not required to use iSCSI. However, if you
do not configure CHAP authentication, any host server connected to the same
IP network as the storage array can read from and write to the storage array.
NOTE: When using CHAP authentication, you should configure it on both the
storage array (using MDSM) and the host server (using the iSCSI initiator) before
preparing virtual disks to receive data. If you prepare disks to receive data before
you configure CHAP authentication, you lose visibility to the disks once CHAP
is configured.
book.book Page 62 Thursday, July 18, 2013 5:56 PM