iSCSI CHAP Authentication Worksheets

If the storage system is on a private LAN, you can elect not to configure CHAP authentication. If the storage system is on a public LAN, we strongly recommend that you set CHAP security. If you do not set CHAP security for the storage system, any host connected to the LAN can read from and write to the storage system.

CAUTION

Whenever you record any security information such as the CHAP usernames and secrets (passwords), it is imperative that you store the data in a secure location.

Storage System CHAP Levels

To set up a basic CHAP level, you can add one or more usernames and corresponding secrets. Any initiator configured with one of these usernames/secrets can establish a connection.

To set up an advanced CHAP level, you can configure both initiator CHAP and mutual CHAP. You can create initiator CHAP so that all initiators can use each username/secret (as in basic CHAP). You can also use the iSCSI node name (IQN) to create usernames/secrets that are restricted for use by a single initiator. Optionally, you can configure mutual CHAP with a single target CHAP username/secret.

Initiator CHAP Worksheet

If you want the storage system to authenticate initiators, fill out the Initiator CHAP Worksheet for all initiator accounts. Initiator CHAP must be set up and enabled for iSCSI security to work. The easiest way to configure initiator CHAP is to create a friendly username and secret for all initiators.

Initiator name: ___________________________________________________________

Use initiator name as system CHAP username: Yes___ No___

Allow any initiator to log In with this username and secret: Yes___ No___

CHAP username: _________________________________________________________

CHAP secret: ________________________________ Specified in hex: Yes___ No___

Initiator name: ___________________________________________________________

Use initiator name as system CHAP username: Yes___ No___

Allow any initiator to log In with this username and secret: Yes___ No___

CHAP username: _________________________________________________________

CHAP secret: ________________________________ Specified in hex: Yes___ No___

Initiator name: ___________________________________________________________

Use initiator name as system CHAP username: Yes___ No___

Allow any initiator to log In with this username and secret: Yes___ No___

CHAP username: _________________________________________________________

CHAP secret: ________________________________ Specified in hex: Yes___ No___

Intel Storage System SSR212PP User Guide

47

Page 61
Image 61
Intel SSR212PP manual ISCSI Chap Authentication Worksheets, Storage System Chap Levels, Initiator Chap Worksheet