Manuals / SANRAD / Computer Equipment / Switch

SANRAD V-Switch manual Authentication, Volume Exposure and Security 113

Models: V-Switch

1 300

Download 300 pages 15.92 Kb

Page 119

read-only, depending on the positioning of the identities. If Identity A is assigned position 1 and Identity B is assigned position 2, Identity B is scanned first by the V-Switch. A match is made and the scan is stopped. No further identities will be scanned. Therefore, iSCSI initiator WWUI8 will be granted read-write access.

If the positions are reversed and Identity B is assigned position 1 and Identity A is assigned position 2, iSCSI initiator WWUI8 will be granted read-only access.

Authentication

The V-Switch supports the authentication methods CHAP and SRP for the iSCSI initiator. The credentials for CHAP and SRP are the combination of user name + password. An authentication method is assigned per identity and not per iSCSI initiator. An identity can be assigned one or both authentication methods. If no authentication method is assigned, all listed iSCSI initiators in an identity will have un-authenticated login rights.

When an iSCSI initiator logs in to a target, its WWUI is checked against the identity initiator list. After the iSCSI initiator passes the identity stage, if credentials are configured, the iSCSI initiator must authenticate itself. The credentials list is checked for the iSCSI initiator’s user name + password. The list can contain a separate user name + password for each initiator; a few user name + password pairs common to a few initiators or a single user name + password for all initiators in the identity.

Initiators

wwui3

wwui4

wwui6

wwui7

wwui8

wwui9

Ident B

		Credentials


	CHAP				SRP

Sarah C6H12O6				Dinos RockOn			10155

Dinos RockOn				Albert energy

Figure 60. Identity with iSCSI Initiators and Credentials

In Figure 60, there are six iSCSI initiators in Identity B but only four user name + password credentials. Certain initiators have the same user name + password configured on them.

Default Identity

When you create a target, it is automatically coupled to a default identity. The default identity gives un-authenticated read-write access to all iSCSI

Chapter 7: Volume Exposure and Security

113

Image 119

SANRAD V-Switch manual Authentication, Volume Exposure and Security 113

Contents

Sanrad V-Switch International Headquarters Limited Warranty FCC-15 User Information Regulatory InformationSafety Notices User Notes Sanrad V-Switch International Headquarters Limited Warranty Regulatory Information Safety Notices User Notes Table of Contents Switch Configuration Volume Exposure & Security Routine Volume Maintenance 195 Volume Configuration Sample Configurations 285 This Chapter SwitchSwitch Overview Order of Operations Switch Network TopologyChapter Title Description Manual OrganizationTransparent1 CLI Command Line InterfaceVolume create transparent VolEsc Tab Technical AssistanceInstalling the V-Switch Front Panel ChassisBack Panel System Indicator LEDsSwitch 2000 LEDs Scsi Rack Mounting Surface MountingAttach the Rear L-BRACKET Scsi Storage Port Connection Type Storage Port ConnectionsSwitch 2000 FC Storage Ports Network Port Cable Connections Network Port ConnectionsConsole Port Connection Powering UpSwitch 2000 Power Supplies User Notes LCD Switch 3000 Front Panel Installing the V-Switch Switch 3000 LEDsThis step works best with two people Switch 3000 Storage Ports Switch 3000 Storage Port LEDs 1000BASE-SXSHORT-WAVE Laser for Switch 3000 Network Ports Management Port Connection Switch 3000 Management PortCompact Flash CF Slot LCDScalability Port Scalability PortSwitch 3000 Power Supplies Switch Configuration Switch ConfigurationIntroduction to Managing the V-Switch Switch Management Options Switch Status OK Configuring the V-Switch 3000 Management Parameters via LCDConfiguring the Management Console Telnet Initializing the V-Switch212.199.43.46 VSwitchInit -n VSwitch -ip InitDevice set VSwitch1Changing Management Parameters Changing General Management ParametersTelnet Rcom LocExt4838 RldAdding an Snmp Manager Changing the Telnet Communications PortAdding User Login Profiles Page Viewing Scsi Storage Ports and Bus IDs Configuring the Storage PortsSetting a Scsi Storage Port Bus ID Fc interface show Alias Configuring an FC Storage PortViewing the FC Port Information Pscsi set busid -if pscsi3 -idFunction Gateway Viewing the V-Switch World Wide Node NameFc set -if fc2 -sp 1 -pt nl -cm prl 2000201058001046212.199.43.56 Configuring the Network PortsIp config set Ip config set -ip 212.199.43.56 -if eth1 -actRemoving an IP Address Checking the IP ConfigurationsIp config show Ip config remove -ip Ip config removeIp isns add Discovering iSCSI TargetsISCSI Discovery Session ISNSConfiguring iSCSI Portals Iscsi portal remove Viewing iSCSI PortalsRemoving iSCSI Portals Iscsi portal create -ipOnly one of these paths can be configured for V-Switch Configuring IP RoutingAdding an IP Route Setting a Default GatewayRemoving an IP Route Checking IP RoutesViewing IP Routes 10.12.40.0 255.255.255.0 Eth3 Ip route removeUser Notes Switch Cluster Configuration Switch Cluster ConfigurationIntroduction to V-Switch Clusters Switch Cluster Configuration Re-routing Storage Access with Off-line V-Switch Device set -id Configuring a V-Switch ClusterSetting the V-Switch ID Adding a Neighbor212.199.43.75 VSwitch2Neighbor add -nb VSwitch2 -ip Neighbor addCluster with Neighbor IP Addresses Cluster show Last Keep Alive Working with Scsi Storage DevicesMaintaining Cluster Communications Pscsi set busid if pscsi3 -idEnabling and Disabling Failover Further V-Switch Cluster ConfigurationsCluster failover enable Cluster failover disableNeighbor details Viewing V-Switch Neighbor DetailsNeighbor show Neighbor remove VSwitch2 212.199.43.75Managing a Cluster Neighbor setFint Cluster setKai Sint LUN Carving Volume ConfigurationPhysical Storage used in Examples Introduction to Volume ConfigurationStorage blink activate Identifying Available Storage DevicesStorage show Alias Entity NameStor1 Disk2JBOD5 Saveforsnap shots Storage blink activate -s Stor1 -tStorage blink abort Storage setSeagate Storage detailsTrans1 Creating a Transparent VolumeVolume create transparent -vol Trans1 -d Disk1 Trans1 Transpar 1024 512 Volume showAlias Vol Type Subdisk1 Creating a Subdisk LUN CarvingSubdisk create 18000000Subdisk details Subdisk create -d Disk1 -sl 18000000 -sa 0 -sd Subdisk1Subdisk create -d Disk1 -sl Sa 18000000 -sd Subdisk2 DiskStart Address Simple1 Creating a Simple VolumeVolume create simple 17999999 512 Internal Volume create simple -vol Simple1 -sd Subdisk1Volume show Alias StateConcat1 Creating a Concatenated VolumeVolume create concatenated Vol NbcConcatenated Volume Sus Creating a Striped VolumeVolume create stripe Stripe1Simple4 Simple8 Simple10 Simple2Striped Volume 100 Creating a Mirrored VolumeVolume create mirror Mirrored1Volume Configuration 101 Replicating Data in a Mirrored VolumeSimple3 Volume mirror syncVolume mirror sync -src Simple3 -dst Simple5 SrcCreating a RAID 10 and RAID 0+1 Volume Configuration 103104 Volume create mirror -vol Mirror2 -ch Simple1 -ch Simple7Volume create mirror -vol Mirror3 -ch Simple3 -ch Simple9 Volume Configuration 105 Second Mirrored Volume of RAID106 Striped Volume of RAIDVolume Exposure and Security 107 Volume Exposure & Security108 Introduction to Volume Exposure & SecurityIdentities Volume Exposure and Security 109110 Identity B’s iSCSI InitiatorsAn identity can be used with more than one target Volume Exposure and Security 111112 Access Rights per Identity-Target PairVolume Exposure and Security 113 Authentication114 SwitchCreating an iSCSI Target 116 Iscsi target showAcl show Volume Exposure and Security 117Iscsi target details Musicbox Musicdept Read-write Target Position Identity Access FinanceNot accessible Read-writePos Changing the Default IdentityAcl set AccCreating an Identity Creating an Identity Volume Exposure and Security 121Microsoft Adding Initiators to an IdentityAcl identity add name Iqn.1991-05Adding an Initiator Volume Exposure and Security 123124 Adding a Second InitiatorAssigning Identity Credentials 126 Assigning CredentialsAdding Another Set of Credentials Volume Exposure and Security 127128 Acl identity detailsDataTurnsMeOn Volume Exposure and Security 129Ip radius add 212.199.43.2Allow 130AddressPort 212.199.43.21812 212.199.56.1341812 Volume Exposure and Security 131Ip radius show 132 Connecting an Identity and TargetAcl add Acl add -ta finance -id accounting -acc rw -pos Volume Exposure and Security 133Vol1 Volume exposeExposing an iSCSI Target and LUN NewVolume Exposure and Security 135 Volume expose -vol Vol1 -ta finance -lun136 Lu showAdvanced Volume Operations 137 Advanced Volume OperationsActual Capacity versus Potential Capacity Introduction to Advanced Volume ConfigurationsData Replication Off-line versus On-line Mirror versus SnapshotSrc Dst Copying a Volume Off-line CopyVolume copy create Advanced Volume Operations 139140 Synchronizing a VolumeAdding a Child to a Mirror On-line Copy Advanced Volume Operations 141142 Volume mirror addVol No sync Mirror5 Simple10 No parameter requiredAdvanced Volume Operations 143 Volume mirror add -vol Mir4 -ch Sim6144 Creating a SnapshotAdvanced Volume Operations 145 St Write to Source and Update to 1st Snapshot146 Volume create snapshotVol Src Advanced Volume Operations 147 Update to 1st Snapshot & 1st Write to Source148 Advanced Volume Operations 149 Viewing Snapshot VolumesVolume snapshot show Snapshot Date & Time Utilization Snp1Mir1 12/12/02 20% Volume snapshot list -vol Mirror7Breaking a Mirror Mirror7Removing a Child from a Mirror Advanced Volume Operations 151152 Volume mirror breakVolume mirror break -vol Mir1 -ch Sim5 Mirror5 Simple10Advanced Volume Operations 153 Resizing a Volume154 Creating a CubeAdvanced Volume Operations 155 Further Resizing on the Same VolumeCh2 Volume resizeVolume resize -vol Sim2 -a XSim2 -with Sim3 Vol WithMir5 Retracting a VolumeVolume retract Advanced Volume Operations 157158 Expanding a VolumeXSim2 Volume expandVolume expand -vol XSim2 Advanced Volume Operations 159160 Expanding XSim2Advanced Volume Operations 161 Routine Volume Maintenance 161 Routine Volume MaintenanceRemoving a Volume VolumesRenaming a Volume Routine Volume Maintenance 163 Volume remove -vol Stripe1All Removing all Volumes in a HierarchyVolume remove -all Volume remove -all -vol Stripe1Vol Nvol Replacing a VolumeVolume replace Routine Volume Maintenance 165166 Synchronizing a VolumeMirror2 Mirror8 Changing iSCSI Target Parameters Targets and ExposureRemoving an LU Removing an iSNS Server Removing an iSCSI TargetRemoving a Radius Server 169 Snmp Manager170 General Configuration ParametersTelnet Routine V-Switch Maintenance 171Telnet Port 172 Removing an Snmp Manager Setting an Snmp ManagerSnmp Manager 174 ISNS ServerUser Profiles Adding an iSNS ServerRemoving a User Profile Adding a User ProfileChanging a User Profile Saving Uploading a V-Switch Database File SwitchResetting a V-Switch Ft download Downloading a V-Switch Configuration FileRoutine V-Switch Maintenance 177 Network InterfacesStorage1 Changing an Interface AliasAdding an Interface IP Address Interface setRemoving an Interface IP Address Ip config set -if eth1 -ipIp config remove-ip Routine V-Switch Maintenance 179180 IP Routing30.30.20.20 Eth2 Routine V-Switch Maintenance 181Disks and Subdisks Discovering Storage DevicesStorage set -s Stor1 -na RAID1 -info Exposeas transparent Renaming a Storage DeviceExposeas TransparentRemoving a Subdisk Removing a Storage DeviceRenaming a Subdisk Removing a Neighbor ClustersModifying Neighbor Parameters Kai Routine V-Switch Maintenance 185Modifying a Cluster 186 Switch 3000 Power SupplyFt update -ip 212.199.43.46 -fd sanrad/update/v20 Upgrading the V-Switch SoftwareFt update Sanrad/updateSystem set -rep yes Switch 3000 Compact FlashSystem set RepCflash Type Routine V-Switch Maintenance 189System copy From190 Safe ModeAutomatic Safe Mode Routine V-Switch Maintenance 191 Level 2 Reboot with Default Factory DatabaseExporting a Corrupted Database Manual Safe ModeRoutine V-Switch Maintenance 193 Level O Normal Mode194 Command Line Interface 195 Command Line Interface196 Command Line Interface 197 Switch ConfigurationInit Admin showInit -n VSwitch1 -ip Admin showUser Name Admin addAdmin remove Admin password200 ResetInfo Device set21/04/2002 Command Line Interface 201Device set -telnet Fc interface showInterface show Fc node showFc set speed Pscsi show Interface detailsInterface set AliasBusID Pscsi3 Pscsi4 Pscsi set busidSnmp manager show Snmp manager add212.199.43.96 150 Command Line Interface 205Snmp manager set Snmp manager remove206 Ip config showIp config set Ip config remove10.10.20.20 255.255.255.0 30.30.20.20 Command Line Interface 207Ip route add Ip route show10.12.40.40 255.255.255.0 20.22.11.11 Ip route removeIp isns show Ip isns addNeighbor set Command Line Interface 209Ip isns remove Neighbor addCluster show Neighbor detailsNeighbor remove Cluster set Cluster failover enableCluster failover disable Last Keep Alive Dead Ints FailoverEnabled StateRunningFt download Ft showFt upload software System set Ft export problemSystem boot 212.199.43.70 Backupdata214 System copySystem show Command Line Interface 215 Volume ConfigurationStorage show Storage discoveryStorage blink activate Storage blink abortStorage alias Storage disk showStorage disk set 218 Storage detailsStorage set Stor7 Disk7 Replacedisk2Subdisk show Command Line Interface 219Storage remove Subdisk createSubdisks details Subdisk detailsSubdisk alias Subdisk showSubdisk remove Volume showSubdisk set Volume details Volume create simple Volume aliasVolume hierarchy Mirror2 Volume create transparentVolume create mirror Volume create concatenatedVolume set Volume create stripedVolume replace Volume removeVolume remove -all Command Line Interface 227 Volume mirror showVolume mirror sync Volume mirror dummysyncVolume copy abort Volume copy createVolume copy show Volume copy abortVol Dst No sync Volume mirror addVolume mirror break Volume resize230 Volume retractVolume expand Volume create snapshotMirro2 Volume snapshot showVolume snapshot list Command Line Interface 231232 Volume ExposureIscsi portal remove Command Line Interface 233Iscsi portal show Iscsi portal createBilling.san rad Device Device Iscsi target createIscsi target alias Iscsi target setAcl show Iscsi target authenticationIscsi target remove Acl add Acl detailsAcl identity show Acl setAcl rem MedSchool All registered students Acl identity detailsAcl identity create Acl identity deleteAcl identity add chap Acl identity add nameAcl identity remove name Acl identity remove srp Acl identity remove chapAcl identity add srp Acl down Acl identity setAcl up Key Ip radius showIp radius add Ip radius setIp radius remove Volume expose -newVolume expose Iscsi Lu showLu details Music.sanradExpose Lu remove Command Line Interface 245Lu remove Lu details246 Sample Configurations 247 Sample Configurations248 Sample IntroductionSample Configurations 249 Installing and Using the V-Switch250 System OverviewSample Configurations 251 Init -n VSwitch1252 Iscsi portal create -ip 172.17.200.174 -pProtocol Address Type Port IPv4 172.17.200.174 3260 Create Iscsi Target and LUN Sample Configurations 253254 Microsoft iSCSI InitiatorSample Configurations 255 New disk should be configured as a basic disk only256 Replacing a Mirrored VolumeReplacing a Failed Disk Sample Configurations 257258 Stor5 500708206059f880 Enabled EntireVolume create simple -vol Simple5 -d Stor5 Volume replace -vol Simple4 -nvol Simple5Storage remove -s Stor4 Volume mirror synch -src Simple3 -dst Simple5Volume remove all -vol Simple4 Sample Configurations 259260 Replicating Data Off-lineAttach and View Storage Devices Sample Configurations 261262 Source Destination Oper Admin Progress StatusSynch None Synch DataRepSample Configurations 263 Configuring the V-Switch with a Single IP Routing PathLAN a 264Insert IP 0.0 0 0.0 0 0.0 0 Sample Configurations 265266 Iscsi portal create -ip 212.199.43.56 -pSample Configurations 267 268 Sample Configurations 269 270 Sample Configurations 271 Configuring a Cluster272 Cluster TopologySample Configurations 273 274 Sample Configurations 275 276 Init -n VSwitch2Neighbor add -nb VSwitch1 -ip Iscsi portal create -ip 212.199.43.75 -p Sample Configurations 277278 Sample Configurations 279 280 Sample Configurations 281 282 Sample Configurations 283 284 Nd Microsoft iSCSI Initiator Configuration for Host StationIndex 285 Index286 ChapIndex 287 Dummy synchronize288 IntervalIndex 289 Mirror290 RS232 19, 46, 190Index 291 SRP292 Volume createIndex 293