beautypg.com

User authentication (iscsi environments only), User authentication operations and settings – HP StorageWorks XP Remote Web Console Software User Manual

Page 23

background image

LUN Configuration and Security Manager XP user guide for the XP1024/XP128

23

Checking the status of the connection between hosts and the disk subsystem

Use LUN Manager to issue a ping command from an XP1024/XP128 iSCSI port to a host. The ping

command checks whether the host and the XP1024/XP128 can communicate with each other. If the host

responds to the ping command, the host and the XP1024/XP128 can communicate with each other. See

Checking the status of connection between hosts and the disk array (iSCSI environment only)

” on

page 43.

User authentication (iSCSI environments only)

When configuring an iSCSI environment, you can use LUN Manager to set ports of the disk array to

authenticate hosts. In an iSCSI environment, the ports use CHAP as the authentication method.

User authentication operations and settings

User authentication involves two phases:

1.

Host authentication: A disk array port authenticates a host when it attempts to connect to the array

2.

Port authentication: The host authenticates the connection-target port of the disk array

The disk array performs user authentication by ports. Therefore, the ports and hosts need to have their

own user information in order to perform user authentication.
When a host attempts to connect to the disk array, the host authentication phase starts. In this phase, the

array determines whether the port requires host authentication. If the port does not require host

authentication, the host will connect to the disk array without authentication; otherwise authentication is

performed for the host. When the host is authenticated successfully, the next phase begins.
This port authentication phase starts if the host requires user authentication for the connection target port.

Thus the ports and hosts perform mutual authentication. If the host does not require user authentication for

the port, the host will connect to the disk array without port authentication.
The following section explains the required settings for user authentication. Port authentication settings are

needed only if you want to perform mutual authentication.

Host authentication settings
• On the disk array:

Use LUN Manager to specify whether to perform host authentication on each port. On a port that

performs authentication, register the user information (iSCSI name, user name, and secret) for the

hosts that are allowed to connect to the port.

NOTE:

A secret is a password used in CHAP authentication.

When registering user information, you can also specify whether to enable or disable host

authentication. For details, see ”

Specifying whether to enable or disable host authentication on a

port

” on page 46 and ”

Registering user information of hosts on a port

” on page 46.

• On hosts:

Configure the operating system and iSCSI driver for port authentication using CHAP. Specify the

user name and secret of the host used for CHAP. For details, refer to your operating system and

iSCSI driver documentation.

Port authentication settings (required for mutual authentication)
• On the disk array:

Use LUN Manager to specify user information (user name and secret) of each port. For details, see

Specifying user information of ports (when performing mutual authentication)

” on page 48.

• On hosts:

Configure the operating system and iSCSI driver for CHAP port authentication. Specify the user

name and secret of the port that is the connection target. For details, refer to your operating system

and iSCSI driver documentation.

This manual is related to the following products: