beautypg.com

Understanding chap authentication, What is chap, Target chap – Dell PowerVault MD3200 User Manual

Page 62: Mutual chap, E "understanding chap

background image

62

Appendix—Manual Configuration of iSCSI

Understanding CHAP Authentication

What is CHAP?

Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSI

authentication method where the storage array (target) authenticates iSCSI

initiators on the host server. Two types of CHAP are supported:

• Target CHAP
• Mutual CHAP

Target CHAP

In target CHAP, the storage array authenticates all requests for access issued

by the iSCSI initiator(s) on the host server using a CHAP secret. To set up

target CHAP authentication, you must enter a CHAP secret on the storage

array, then configure each iSCSI initiator on the host server to send that

secret each time it attempts to access the storage array.

Mutual CHAP

In addition to setting up target CHAP, you can set up mutual CHAP in which

both the storage array and the iSCSI initiator authenticate each other. To set up

mutual CHAP, configure the iSCSI initiator with a CHAP secret that the

storage array must send to the host sever in order to establish a connection. In

this two-way authentication process, both the host server and the storage array

send information that the other must validate before a connection is allowed.
CHAP is an optional feature and is not required to use iSCSI. However, if you

do not configure CHAP authentication, any host server connected to the same

IP network as the storage array can read from and write to the storage array.

NOTE:

When using CHAP authentication, you should configure it on both the

storage array (using MDSM) and the host server (using the iSCSI initiator) before

preparing virtual disks to receive data. If you prepare disks to receive data before

you configure CHAP authentication, you lose visibility to the disks once CHAP

is configured.

book.book Page 62 Thursday, July 18, 2013 5:56 PM

This manual is related to the following products: