Cisco Systems SN 5428-2 manual Authentication Overview, 1-24

Page 24
Authentication Overview

Chapter 1 Before Configuring SN 5428-2 Storage Router Software

Authentication Overview

Assignment of a secondary interface per FCIP instance—allows the same IP address to be assigned to each Gigabit Ethernet interface configured for an FCIP instance; one interface is assigned as primary and one interface is assigned as secondary. If the primary interface loses connection to the network and remains down for two seconds, the IP address moves to the secondary Gigabit Ethernet interface, which then becomes active.

Assignment as a management IP address—allows each Gigabit Ethernet interface to have one IP address assigned per logical interface, as a management interface. This IP address is in addition to any multiple IP address(es) per SCSI routing instance or FCIP instance assigned.

Assignment of a secondary management IP address—allows the same IP address to be assigned to each Gigabit Ethernet interface configured as a management interface; one interface is assigned as primary and one interface is assigned as secondary. If connection to the primary Gigabit Ethernet maintenance interface is lost and if the secondary maintenance interface connection is assigned and connected, the IP address moves to the secondary Gigabit Ethernet interface, which then allows management access.

Authentication Overview

Authentication is a software service that is available in each SN 5428-2. It provides a method of identifying users (including login and password dialog, challenge and response, and messaging support) prior to receiving access to the requested object, function, or network service. The SN 5428-2 supports three types of authentication:

iSCSI authentication—provides an authentication mechanism to authenticate IP hosts that request access to storage. An IP host, acting as an iSCSI initiator, can also verify the identity of an iSCSI target assigned to a SCSI routing instance, which responds to the request, resulting in a two-way authentication.

Enable authentication—provides a mechanism to authenticate users requesting Administrator mode access to an SN 5428-2 management session via the CLI enable command or an FTP session.

Login authentication—provides a mechanism to authenticate users requesting access to the SN 5428-2 in Monitor mode via the login process from a Telnet session, SSH session or the SN 5428-2 console.

Authentication is provided by an AAA (authentication, authorization, and accounting) subsystem configured in each SN 5428-2. AAA is Cisco’s architectural framework for configuring a set of three independent security functions in a consistent and modular manner: authentication, authorization, and accounting. The SN 5428-2 Storage Router software implements the authentication function.

AAAauthentication is configured by defining a list of authentication services. iSCSI authentication, which uses a AAA authentication services list, can be enabled for specific SCSI routing instances in an SN 5428-2.

When iSCSI authentication is enabled, IP hosts (with iSCSI drivers) must provide user name and password information each time an iSCSI TCP connection is established. With two-way authentication, the SCSI routing instance to which an iSCSI target has been assigned responds to the authentication request with an assigned username and password. iSCSI authentication uses the iSCSI CHAP (Challenge Handshake Authentication Protocol) authentication method.

See Chapter 9, “Configuring Authentication,” for more information about configuring authentication services.

Cisco SN 5428-2 Storage Router Software Configuration Guide

1-24

OL-4691-01

 

 

Image 24
Contents Mixed Mode Overview, page VLAN Access Overview, page Authentication Overview, pageWhere to Go Next, page SN 5428-2 Storage Router Overview, page SCSI Routing Overview, pageSN 5428-2 Storage Router Overview Figure 1-3 FCIP SCSI Routing Mapping and Access Control, page SCSI Routing OverviewRouting SCSI Requests and Responses, page Basic Network Structure, pageRouting SCSI Requests and Responses SCSI Routing Mapping and Access Control Basic Network StructureFigure 1-7 SCSI Routing Basic Network Structure Database Webserver2000Table 1-1 Target-and-LUN Mapping Example Table 1-2 Target-only Mapping ExampleAccess for SCSI routing is controlled in the IP hosts and the storage router. In an IP host, the iSCSI driver is configured with the Gigabit Ethernet IP address of the SCSI routing instance in the storage router with which the host is to transport SCSI requests and responses. In a storage router, access is controlled through an access list and a VLAN identifier VID number of the hosts. Additionally, access can be further controlled in the SN 5428-2 through authentication. See the “Authentication Overview” section on page 1-24 for more information about authentication Available Instances of SCSI Routing Figure 1-8 SCSI Routing Storage Mapping and Access Control ConceptTable 1-3 SCSI Routing Storage Mapping and Access Control Concept Transparent SCSI Routing Mapping and Access Control, page Transparent SCSI Routing OverviewAvailable Instances of Transparent SCSI Routing, page 1-101-11 Figure 1-11 Transparent SCSI Routing ActionsTransparent SCSI Routing Mapping and Access Control 1-12Basic Network Structure 1-13 Table 1-4 Transparent SCSI Routing Mapping Example1-14 Intelligent Storage Array andSCSI Routing Drive LUNUsing FCIP to Route Fibre Channel Packets Using FCIP to Route Fibre Channel Packets, pageFCIP Overview Available Instances of Transparent SCSI RoutingFCIP Network Structures 1-16Figure 1-15 FCIP Actions 1-17 Figure 1-16 FCIP Redundant WAN ConfigurationFigure 1-17 FCIP Fully Redundant Configuration Mixed Mode Overview 1-18Figure 1-18 Multisite FCIP Configuration 1-19 Figure 1-19 Mixed Mode Overview SCSI routing and FCIPFigure 1-20 Mixed Mode Overview Transparent SCSI routing and FCIP VLAN Access Overview 1-20Zoning Overview 1-21Figure 1-21 VLAN Access Overview 1-22 Zoning comprises zones, zone sets, aliases, and zone databasesFibre Channel Interface Overview Gigabit Ethernet Interface Overview1-23 Authentication Overview 1-24SN 5428-2 Cluster Management Overview Interface Naming1-25 Where to Go Next 1-26a a n 1-27 1-28
Related manuals
Manual 78 pages 51.81 Kb Manual 16 pages 56.35 Kb Manual 22 pages 17.61 Kb

SN 5428-2 specifications

Cisco Systems SN 5428-2 is a highly versatile and advanced network storage solution designed to meet the demands of data center environments. This robust storage appliance integrates cutting-edge technologies to provide high performance, reliability, and scalability, making it an ideal choice for organizations looking to enhance their data management capabilities.

One of the main features of the SN 5428-2 is its high-density architecture, which allows for efficient utilization of space while providing ample storage capacity. The system supports multiple drive configurations, including HDDs and SSDs, enabling users to tailor their storage solutions based on performance needs and budget constraints. With a significant amount of raw capacity available, organizations can effortlessly handle large volumes of data and support intensive workloads.

The SN 5428-2 boasts advanced data protection technologies, ensuring that critical information is safeguarded against loss or corruption. Features like RAID support provide redundancy and fault tolerance, while snapshot and cloning capabilities offer quick recovery options in case of data breaches or system failures. Additionally, built-in encryption features help protect sensitive data both at rest and in transit.

The appliance incorporates state-of-the-art networking capabilities as well. With support for various network protocols, including iSCSI and Fibre Channel, the SN 5428-2 can seamlessly integrate into existing infrastructures. This adaptability allows for easy connection with different servers and storage systems, facilitating a more cohesive and efficient operational environment.

Furthermore, the SN 5428-2 is designed with scalability in mind. Organizations can start with a basic configuration and expand as their storage needs grow by adding additional drives or connecting more appliances. This flexibility ensures that businesses can continue to meet their evolving data demands without the need for complete system overhauls.

Management and monitoring of the SN 5428-2 are simplified through a user-friendly interface that provides real-time insights into system performance, capacity utilization, and health status. Administrators can easily configure and manage storage resources, making operational tasks more efficient.

In summary, Cisco Systems SN 5428-2 stands out in the realm of storage solutions by combining high density, robust data protection, advanced networking capabilities, and remarkable scalability. Its thoughtful design and features make it an essential tool for organizations looking to enhance their data storage infrastructure and improve overall performance. With its reliable and efficient performance, the SN 5428-2 is well-suited for a wide array of data center applications.