Authentication (chap) – HP LeftHand P4000 SAN Solutions User Manual
Page 242
Requirements
•
Cluster configured with a virtual IP address. See
•
A compliant iSCSI initiator that supports iSCSI Login-Redirect and has passed HP's test criteria
for iSCSI failover in a load balanced configuration. To determine which iSCSI initiators are
compliant, view the HP StoreVirtual 4000 Storage Compatibility Matrix at
If your initiator is not listed, do not enable load balancing.
Authentication (CHAP)
Server access with iSCSI can use the following authentication methods:
•
Initiator node name (single host)
•
CHAP (single or multiple hosts)
NOTE:
The iSCSI terminology in this discussion is based on the Microsoft iSCSI Initiator
terminology. For the terms used in other common operating systems, see
CHAP is a standard authentication protocol. The LeftHand OS software supports the following
configurations:
•
No CHAP—Authorized initiators can log in to the volume without proving their identity. The
target does not challenge the server.
•
1-way CHAP—Initiators must log in with a target secret to access the volume. This secret proves
the identity of the initiator to the target.
•
2-way CHAP—Initiators must log in with a target secret to access the volume as in 1-way
CHAP. In addition, the target must prove its identity to the initiator using the initiator secret.
This second step prevents target spoofing. See
for an illustration of the
differences between 1–way and 2–way CHAP.
Figure 119 Differentiating types of CHAP
CHAP is optional. However, if you configure 1-way or 2-way CHAP, you must remember to configure
both the server and the iSCSI initiator with the appropriate characteristics.
lists the requirements for configuring CHAP.
242 HP StoreVirtual Storage using iSCSI and Fibre Channel