Chap vs ipsec, One-way chap authentication, Iscsi target settings – Dell PowerVault NX1950 User Manual

Secured iSCSI Using Challenge-Handshake Authentication Protocol

CHAP vs IPSec

CHAP authenticates the peer of a connection and is based upon the peers sharing a secret (a security key that is similar to a password). IP Security (IPSec) is a protocol that enforces authentication and data encryption at the IP packet layer and provides an additional level of security.

One-Way CHAP Authentication

In One-Way CHAP authentication, only the iSCSI Target authenticates the Initiator. The secret is set only for the Target and all Initiators that are accessing the Target must use the same secret to start a logon session with the Target. To set one-way CHAP authentication, configure the settings described in the following sections on Target and Initiator.

iSCSI Target settings

Before you configure the settings described in this section, ensure that a few iSCSI Targets and Virtual Disks are already created and the Virtual Disks are assigned to the Targets.

1 On an iSCSI Target, go to PowerVault NX1950 Management Console→ Microsoft iSCSI Software Target→ iSCSI Targets and either right-click and select Properties or go to Actions pane→ More Actions→ Properties. The <Target Name> Properties window appears, where Target Name is the name of the iSCSI Target that you are configuring iSCSI settings for.

2 In the Authentication tab, select the check box for Enable CHAP and type the User name (IQN name of the Initiator). You can enter the IQN manually or use the Browse option to select the IQN from a list.

3 Enter the Secret, re-enter the same value in Confirm Secret, and click OK.

The secret must include 12 to 16 characters.

NOTE: If you are not using IPSec, both Initiator and Target CHAP secrets should be greater than or equal to 12 bytes and less than or equal to 16 bytes. If you are using IPSec, the Initiator and Target secrets must be greater than 1 byte and less than or equal to 16 bytes.
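
The one-way CHAP logon and the secret-length rule from the NOTE above, as an added Python example that is not part of the Dell manual. The response is computed as in RFC 1994 CHAP with MD5, the algorithm iSCSI uses for CHAP; the IQN, the secret and the `Target` class are constructed for illustration.

```python
import hashlib
import hmac
import os

def check_secret(secret: bytes, ipsec: bool) -> bool:
    """Length rule from the NOTE: 12-16 bytes without IPSec, 2-16 bytes with it."""
    low = 2 if ipsec else 12  # "greater than 1 byte" means at least 2
    return low <= len(secret) <= 16

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP/MD5: MD5 over identifier byte, then secret, then challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Target:
    """Target side of one-way CHAP: one secret per permitted Initiator IQN."""
    def __init__(self, users: dict):
        self.users = users
        self.pending = {}  # IQN -> (identifier, challenge) awaiting a response

    def challenge(self, iqn: str):
        ident, chal = os.urandom(1)[0], os.urandom(16)
        self.pending[iqn] = (ident, chal)
        return ident, chal

    def verify(self, iqn: str, response: bytes) -> bool:
        # Each challenge is consumed once, so a captured response cannot be reused.
        ident, chal = self.pending.pop(iqn, (None, None))
        secret = self.users.get(iqn)
        if ident is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), response)

def login(target: Target, iqn: str, initiator_secret: bytes) -> bool:
    """Initiator side: answer the Target's challenge with its own copy of the secret."""
    ident, chal = target.challenge(iqn)
    return target.verify(iqn, chap_response(ident, initiator_secret, chal))

# Constructed sample values, not taken from the manual.
IQN = "iqn.1991-05.com.microsoft:host1.example.com"
SECRET = b"ExampleSecret01"  # 15 bytes, valid with or without IPSec

if __name__ == "__main__":
    t = Target({IQN: SECRET})
    print("length ok without IPSec:", check_secret(SECRET, ipsec=False))
    print("logon with matching secret:", login(t, IQN, SECRET))
    print("logon with wrong secret:", login(t, IQN, b"WrongSecret0001"))
```

The secret itself never crosses the wire; only the challenge and the 16-byte MD5 response do, which is why the Target and every Initiator must be configured with the same value.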