User authentication (iscsi environments only), User authentication operations and settings – HP StorageWorks XP Remote Web Console Software User Manual
Page 23
LUN Configuration and Security Manager XP user guide for the XP1024/XP128
23
Checking the status of the connection between hosts and the disk subsystem
Use LUN Manager to issue a ping command from an XP1024/XP128 iSCSI port to a host. The ping
command checks whether the host and the XP1024/XP128 can communicate with each other. If the host
responds to the ping command, the host and the XP1024/XP128 can communicate with each other. See
Checking the status of connection between hosts and the disk array (iSCSI environment only)
User authentication (iSCSI environments only)
When configuring an iSCSI environment, you can use LUN Manager to set ports of the disk array to
authenticate hosts. In an iSCSI environment, the ports use CHAP as the authentication method.
User authentication operations and settings
User authentication involves two phases:
1.
Host authentication: A disk array port authenticates a host when it attempts to connect to the array
2.
Port authentication: The host authenticates the connection-target port of the disk array
The disk array performs user authentication by ports. Therefore, the ports and hosts need to have their
own user information in order to perform user authentication.
When a host attempts to connect to the disk array, the host authentication phase starts. In this phase, the
array determines whether the port requires host authentication. If the port does not require host
authentication, the host will connect to the disk array without authentication; otherwise authentication is
performed for the host. When the host is authenticated successfully, the next phase begins.
This port authentication phase starts if the host requires user authentication for the connection target port.
Thus the ports and hosts perform mutual authentication. If the host does not require user authentication for
the port, the host will connect to the disk array without port authentication.
The following section explains the required settings for user authentication. Port authentication settings are
needed only if you want to perform mutual authentication.
•
Host authentication settings
• On the disk array:
Use LUN Manager to specify whether to perform host authentication on each port. On a port that
performs authentication, register the user information (iSCSI name, user name, and secret) for the
hosts that are allowed to connect to the port.
NOTE:
A secret is a password used in CHAP authentication.
When registering user information, you can also specify whether to enable or disable host
authentication. For details, see ”
Specifying whether to enable or disable host authentication on a
Registering user information of hosts on a port
• On hosts:
Configure the operating system and iSCSI driver for port authentication using CHAP. Specify the
user name and secret of the host used for CHAP. For details, refer to your operating system and
iSCSI driver documentation.
•
Port authentication settings (required for mutual authentication)
• On the disk array:
Use LUN Manager to specify user information (user name and secret) of each port. For details, see
Specifying user information of ports (when performing mutual authentication)
• On hosts:
Configure the operating system and iSCSI driver for CHAP port authentication. Specify the user
name and secret of the port that is the connection target. For details, refer to your operating system
and iSCSI driver documentation.