Chapter 9 Configuring Authentication

Prerequisite Tasks

Prerequisite Tasks

Before performing AAA configuration tasks on the storage router, make sure you have configured system parameters as described in Chapter 2, “First-Time Configuration,” or Chapter 3, “Configuring System Parameters.” If the storage router is deployed for SCSI routing, you should also configure SCSI routing instances as described in Chapter 6, “Configuring SCSI Routing,” before proceeding. See the iSCSI driver readme file for details on configuring IP hosts for iSCSI authentication.

Note AAA configuration settings are cluster-wide elements and are shared across a cluster. All AAA configuration and management functions are performed from a single storage router in a cluster. Issue the show cluster command to identify the storage router that is currently performing AAA configuration and management functions.

Using Authentication

AAAis Cisco’s architectural framework for configuring a set of three independent security functions in a consistent, modular manner. Authentication provides a method of identifying users (including login and password dialog, challenge and response, and messaging support) prior to receiving access to the requested object, function, or network service.

The SN 5428-2 Storage Router implements the authentication function for three types of authentication:

iSCSI authentication—provides a mechanism to authenticate all IP hosts that request access to storage via a SCSI routing instance. IP hosts can also verify the identity of a SCSI routing instance that responds to requests, resulting in two-way authentication.

Enable authentication—provides a mechanism to authenticate users requesting access to the SN 5428-2 in Administrator mode via the CLI enable command or an FTP session.

Login authentication—provides a mechanism to authenticate users requesting access to the SN 5428-2 in Monitor mode via the login process from a Telnet session, SSH session or the management console.

iSCSI Authentication

When enabled, iSCSI drivers provide user name and password information each time an iSCSI TCP connection is established. iSCSI authentication uses the iSCSI Challenge Handshake Authentication Protocol (CHAP) authentication method.

iSCSI authentication can be enabled for specific SCSI routing instances. Each SCSI routing instance enabled for authentication can be configured to use a specific list of authentication services, or it can be configured to use the default list of authentication services.

For IP hosts that support two-way authentication, the SCSI routing instance can also be configured to provide user name and password information during the iSCSI TCP connection process.

Note iSCSI authentication is available for SN 5428-2 storage routers deployed for SCSI routing or transparent SCSI routing only; it is not available for storage routers deployed for FCIP.

Cisco SN 5428-2 Storage Router Software Configuration Guide

9-2

OL-5239-01

 

 

Page 2
Image 2
Cisco Systems SN 5428-2 manual Prerequisite Tasks, Using Authentication

SN 5428-2 specifications

Cisco Systems SN 5428-2 is a highly versatile and advanced network storage solution designed to meet the demands of data center environments. This robust storage appliance integrates cutting-edge technologies to provide high performance, reliability, and scalability, making it an ideal choice for organizations looking to enhance their data management capabilities.

One of the main features of the SN 5428-2 is its high-density architecture, which allows for efficient utilization of space while providing ample storage capacity. The system supports multiple drive configurations, including HDDs and SSDs, enabling users to tailor their storage solutions based on performance needs and budget constraints. With a significant amount of raw capacity available, organizations can effortlessly handle large volumes of data and support intensive workloads.

The SN 5428-2 boasts advanced data protection technologies, ensuring that critical information is safeguarded against loss or corruption. Features like RAID support provide redundancy and fault tolerance, while snapshot and cloning capabilities offer quick recovery options in case of data breaches or system failures. Additionally, built-in encryption features help protect sensitive data both at rest and in transit.

The appliance incorporates state-of-the-art networking capabilities as well. With support for various network protocols, including iSCSI and Fibre Channel, the SN 5428-2 can seamlessly integrate into existing infrastructures. This adaptability allows for easy connection with different servers and storage systems, facilitating a more cohesive and efficient operational environment.

Furthermore, the SN 5428-2 is designed with scalability in mind. Organizations can start with a basic configuration and expand as their storage needs grow by adding additional drives or connecting more appliances. This flexibility ensures that businesses can continue to meet their evolving data demands without the need for complete system overhauls.

Management and monitoring of the SN 5428-2 are simplified through a user-friendly interface that provides real-time insights into system performance, capacity utilization, and health status. Administrators can easily configure and manage storage resources, making operational tasks more efficient.

In summary, Cisco Systems SN 5428-2 stands out in the realm of storage solutions by combining high density, robust data protection, advanced networking capabilities, and remarkable scalability. Its thoughtful design and features make it an essential tool for organizations looking to enhance their data storage infrastructure and improve overall performance. With its reliable and efficient performance, the SN 5428-2 is well-suited for a wide array of data center applications.