Mutual CHAP
In addition to setting up target CHAP, you can set up mutual CHAP, in which the storage array and the iSCSI initiator authenticate each other. To set up mutual CHAP, configure the iSCSI initiator with a CHAP secret that the storage array must send to the host server in order to establish a connection. In this
CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP authentication, any host server connected to the same IP network as the storage array can read from and write to the storage array.
NOTE: When using CHAP authentication, you should configure it on both the storage array (using MD Storage Manager) and the host server (using the iSCSI initiator) before preparing virtual disks to receive data. If you prepare disks to receive data before you configure CHAP authentication, you lose visibility to the disks once CHAP is configured.
CHAP Definitions
To summarize the differences between target CHAP and mutual CHAP authentication, see the following table.
CHAP Type | Description |
Target CHAP | Sets up accounts that iSCSI initiators use to connect to the target storage array. The target storage array then authenticates the iSCSI initiator. |
Mutual CHAP | Applied in addition to target CHAP, mutual CHAP sets up an account that a target storage array uses to connect to an iSCSI initiator. The iSCSI initiator then authenticates the target. |
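The two authentication directions in the table above, shown as an added example that is not part of the original manual: a Python simulation of the CHAP-MD5 response calculation (RFC 1994) for target CHAP and mutual CHAP. The function name `login`, the dictionary keys and all secret values are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # CHAP with MD5 (RFC 1994): MD5(identifier byte || secret || challenge).
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def login(host: dict, array: dict, mutual: bool = True) -> str:
    """Simulate one iSCSI login. `host` and `array` hold the secrets each side
    has configured under the (hypothetical) keys 'target' and 'mutual'."""
    # Target CHAP: the storage array challenges, the initiator answers.
    ident, challenge = 1, os.urandom(16)
    answer = chap_response(ident, host["target"], challenge)
    expected = chap_response(ident, array["target"], challenge)
    if not hmac.compare_digest(answer, expected):
        return "array rejects initiator"
    if not mutual:
        return "session established"
    # Mutual CHAP: the initiator issues its own fresh challenge and the
    # array must answer with the secret configured on the initiator.
    ident, challenge = 2, os.urandom(16)
    answer = chap_response(ident, array["mutual"], challenge)
    expected = chap_response(ident, host["mutual"], challenge)
    if not hmac.compare_digest(answer, expected):
        return "initiator rejects array"
    return "session established"

# Constructed sample secrets, not values from the manual.
HOST = {"target": b"target-secret-01", "mutual": b"mutual-secret-02"}
ARRAY_OK = dict(HOST)
ARRAY_WRONG_MUTUAL = {"target": b"target-secret-01", "mutual": b"something-else"}

if __name__ == "__main__":
    print(login(HOST, ARRAY_OK))                          # both directions pass
    print(login(HOST, ARRAY_WRONG_MUTUAL))                # host detects the mismatch
    print(login(HOST, ARRAY_WRONG_MUTUAL, mutual=False))  # target CHAP alone does not
```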
Step 5: Configure CHAP Authentication On The Storage Array (Optional)
If you are not configuring any type of CHAP, skip these steps and go to Step 7: Connect To The Target Storage Array From The Host Server.
NOTE: If you choose to configure mutual CHAP authentication, you must first configure target CHAP.
In terms of iSCSI configuration, the term Target always refers to the storage array.
Configuring Target CHAP Authentication On The Storage Array
1. From MD Storage Manager, click the iSCSI tab and then click Change Target Authentication. Select one of the CHAP settings described in the following table.
CHAP Setting | Description |
None | This is the default selection. If None is the only selection, the storage array allows an iSCSI initiator to log on without supplying any type of CHAP authentication. |
None and CHAP | The storage array allows an iSCSI initiator to log on with or without CHAP authentication. |