iSCSI CHAP Authentication Worksheets
If the storage system is on a private LAN, you can elect not to configure CHAP authentication. If the storage system is on a public LAN, we strongly recommend that you set CHAP security. If you do not set CHAP security for the storage system, any host connected to the LAN can read from and write to the storage system.
CAUTION
Whenever you record any security information such as the CHAP usernames and secrets (passwords), it is imperative that you store the data in a secure location.
Storage System CHAP Levels
To set up a basic CHAP level, you can add one or more usernames and corresponding secrets. Any initiator configured with one of these usernames/secrets can establish a connection.
To set up an advanced CHAP level, you can configure both initiator CHAP and mutual CHAP. You can create initiator CHAP so that all initiators can use each username/secret (as in basic CHAP). You can also use the iSCSI node name (IQN) to create usernames/secrets that are restricted for use by a single initiator. Optionally, you can configure mutual CHAP with a single target CHAP username/secret.
Initiator CHAP Worksheet
If you want the storage system to authenticate initiators, fill out the Initiator CHAP Worksheet for all initiator accounts. Initiator CHAP must be set up and enabled for iSCSI security to work. The easiest way to configure initiator CHAP is to create a friendly username and secret for all initiators.
Initiator name: ___________________________________________________________
Use initiator name as system CHAP username: Yes___ No___
Allow any initiator to log In with this username and secret: Yes___ No___
CHAP username: _________________________________________________________
CHAP secret: ________________________________ Specified in hex: Yes___ No___
Initiator name: ___________________________________________________________
Use initiator name as system CHAP username: Yes___ No___
Allow any initiator to log In with this username and secret: Yes___ No___
CHAP username: _________________________________________________________
CHAP secret: ________________________________ Specified in hex: Yes___ No___
Initiator name: ___________________________________________________________
Use initiator name as system CHAP username: Yes___ No___
Allow any initiator to log In with this username and secret: Yes___ No___
CHAP username: _________________________________________________________
CHAP secret: ________________________________ Specified in hex: Yes___ No___
Intel Storage System SSR212PP User Guide | 47 |