Chapter 35 Configuring iSCSI

Enforcing Access Control

its login is rejected. If the iSCSI host is allowed, it then verifies whether the virtual Fibre Channel N port used by the iSCSI host and the Fibre Channel target mapped to the static iSCSI virtual target are in the same Fibre Channel zone.

If the iSCSI target is an auto-generated iSCSI target, the IPS module or MPS-14/2 module extracts the WWN of the Fibre Channel target from the iSCSI target name and verifies whether the initiator and the Fibre Channel target are in the same Fibre Channel zone. If they are, access is allowed.

The IPS module or MPS-14/2 module uses the Fibre Channel virtual N port of the iSCSI host and does a zone-enforced name server query for the Fibre Channel target WWN. If the FCID is returned by the name server, then the iSCSI session is accepted. Otherwise, the login request is rejected.

The IPS module or MPS-14/2 module supports an iSCSI authentication mechanism to authenticate iSCSI hosts that request access to storage. By default, IPS modules and MPS-14/2 modules allow either CHAP or None (no) authentication of iSCSI initiators. If authentication should always be used, you must configure the switch to allow only CHAP authentication.

For CHAP username or secret validation you can use any method supported and allowed by the Cisco MDS AAA infrastructure (see Chapter 28, “Configuring RADIUS and TACACS+”). AAA authentication supports a RADIUS, TACACS+, or local authentication device.

The aaa authentication iscsi command enables AAA authentication for the iSCSI host and specifies the method to use.
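The login decision described above, modelled as an added Python example (not Cisco code): the target pWWN is resolved from a static mapping or from the auto-generated target name, a zone-enforced name server query gates the session, and the switch authentication policy decides whether a None login is accepted. The zone, name server and pWWN data are constructed, and the assumption that the auto-generated IQN ends with the Fibre Channel target pWWN as its last dot-separated field is mine.

```python
from dataclasses import dataclass

# Constructed sample fabric: pWWNs, FCIDs and zone names are made up.
ZONES = {
    "zone_host1_array": {"21:00:00:e0:8b:01:01:01", "50:06:0e:80:00:aa:00:01"},
    "zone_host2_array": {"21:00:00:e0:8b:02:02:02", "50:06:0e:80:00:aa:00:02"},
}
NAME_SERVER = {  # pWWN -> FCID of Fibre Channel targets logged into the fabric
    "50:06:0e:80:00:aa:00:01": "0x640001",
    "50:06:0e:80:00:aa:00:02": "0x640002",
}
STATIC_TARGETS = {  # static iSCSI virtual target name -> mapped FC target pWWN
    "iqn.2005-01.example:static-lun": "50:06:0e:80:00:aa:00:02",
}

@dataclass
class Fabric:
    zones: dict
    name_server: dict
    static_targets: dict
    auth_policy: str = "chap-none"  # default: CHAP or None; "chap" = CHAP only

    def same_zone(self, a, b):
        return any({a, b} <= members for members in self.zones.values())

    def zone_enforced_ns_query(self, initiator_vnport, target_pwwn):
        """Name server lookup that returns the target FCID only when the
        querying virtual N port shares a zone with the target, else None."""
        if not self.same_zone(initiator_vnport, target_pwwn):
            return None
        return self.name_server.get(target_pwwn)

def target_pwwn_from_name(fabric, iscsi_target):
    """Static targets map explicitly; for auto-generated targets assume the
    FC target pWWN is the last dot-separated field of the IQN (assumption)."""
    if iscsi_target in fabric.static_targets:
        return fabric.static_targets[iscsi_target]
    return iscsi_target.rsplit(".", 1)[-1]

def iscsi_login(fabric, initiator_vnport, iscsi_target, auth_method):
    """Return (accepted, reason) for one iSCSI login attempt."""
    if auth_method == "none" and fabric.auth_policy == "chap":
        return False, "reject: switch policy allows CHAP only"
    pwwn = target_pwwn_from_name(fabric, iscsi_target)
    fcid = fabric.zone_enforced_ns_query(initiator_vnport, pwwn)
    if fcid is None:
        return False, "reject: target not in initiator's zone (no FCID returned)"
    return True, f"accept: target FCID {fcid}"
```

Running `iscsi_login` with `auth_policy="chap"` shows the two independent gates: a None login is refused before zoning is consulted, and a CHAP login to a target outside the initiator's zone is refused because the zone-enforced query returns no FCID.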

Cisco MDS 9000 Family Configuration Guide

OL-6973-03, Cisco MDS SAN-OS Release 2.x


MDS 9000 specifications

Cisco Systems MDS 9000 series is a line of storage networking switches designed to address the unique demands of enterprise-level data centers. These switches provide high-performance solutions for connecting various storage devices, including traditional disk arrays, solid-state drives, and tape libraries. The MDS 9000 series is built for scalability, high availability, and advanced security, making it an ideal choice for organizations looking to optimize their storage infrastructure.

One of the standout features of the MDS 9000 series is its support for Fibre Channel and FICON protocols, which enable seamless integration with various storage technologies. This versatility is crucial for organizations running a mix of applications with differing storage performance requirements. The switches support multiple speeds, including 1G, 2G, 4G, 8G, and even 16G Fibre Channel rates, ensuring that they can adapt to evolving storage needs.

The MDS 9000 is known for its advanced features in terms of management and automation. Cisco provides intelligent automation capabilities to enhance operational efficiency. Features like Flow Vision and intelligent network services allow for deep visibility into storage environments, enabling administrators to monitor performance, troubleshoot issues, and optimize resource allocation effectively. This level of visibility helps organizations to mitigate risks and ensure data availability.

Security is another paramount consideration for the MDS 9000 series. The switches are equipped with a range of security features, including role-based access controls, encryption technologies, and zoning options. These capabilities help safeguard sensitive data and ensure compliance with industry regulations, making the MDS 9000 a trusted choice for enterprises dealing with critical data.

The architecture of the MDS 9000 series is designed for high availability and resiliency. With redundant power supplies and cooling systems, these switches minimize downtime and ensure continuous operation. Additionally, they offer advanced features like non-disruptive software upgrades, which eliminate the need for scheduled outages during firmware updates.

In summary, the Cisco Systems MDS 9000 series offers a robust set of features tailored for enterprise storage networking. Its support for various protocols, intelligent management capabilities, and high availability characteristics make it a preferred choice for organizations seeking to optimize their storage infrastructure for both current and future needs. By investing in the MDS 9000 series, businesses can enhance their operational efficiency, ensure data security, and maintain a competitive edge in today's data-driven landscape.