Chap vs ipsec, One-way chap authentication, Iscsi target settings – Dell PowerVault NX3100 User Manual
Page 36
36
Configuring Secured iSCSI Connections Using CHAP
CHAP vs IPSec
CHAP authenticates the peer of a connection and is based upon the peers
sharing a secret (a security key that is similar to a password). IP Security
(IPSec) is a protocol that enforces authentication and data encryption at the
IP packet layer and provides an additional level of security.
One-Way CHAP Authentication
In one-way CHAP authentication, only the iSCSI Target authenticates the
Initiator. The secret is set only for the Target and all Initiators that are
accessing the Target must use the same secret to start a logon session with the
Target. To set one-way CHAP authentication, configure the settings
described in the following sections on Target and Initiator.
iSCSI Target Settings
Before you configure the settings described in this section, ensure that few
iSCSI Targets and Virtual Disks are already created and the Virtual Disks are
assigned to the Targets.
1 On an iSCSI Target, go to PowerVault NAS Management Console→
Microsoft iSCSI Software Target
→ iSCSI Targets→
either right-click and select Properties or go to Actions pane
→ More
Actions
→ Properties.
The
the name of the iSCSI Target that you are configuring iSCSI settings for.
2 In the Authentication tab, select the check box for Enable CHAP and
type the user name (IQN name of the Initiator). You can enter the IQN
manually or use the Browse option to select the IQN from a list.
3 Enter the Secret, re-enter the same value in Confirm Secret, and click OK.
The secret must include 12 to 16 characters.
NOTE:
If you are not using IPSec, both Initiator and Target CHAP secrets
should be greater than or equal to 12 bytes and less than or equal to 16 bytes.
If you are using IPsec, the Initiator and Target secrets must be greater than
1 byte and less than or equal to 16 bytes.