Overview – HP XP Array Manager Software User Manual
Page 43

• Deleting user information for hosts (see “Deleting Host User Information”)
• Specifying user information for host groups (when performing mutual authentication, see “Registering Host Group User Information”)
• Clearing user information for host groups (when performing mutual authentication, see “Clearing Host Groups User Information”)
• Specifying the information for Fibre Channel port (see “
• Registering user information on a Fibre Channel port (see
• Registering user information on a Fibre Channel switch (see “Setting Switch User Information”)
• Clearing user information for a Fibre Channel switch (see “Clearing Switch User Information”)
• Specifying an authentication mode of Fibre Channel switch (see “Setting the Switch Authentication Mode”)
• Specifying whether a Fibre Channel switch can perform authentication (see “Enabling or Disabling Switch Authentication”)
Notes:
The hosts to be connected also have to be configured for authentication by host groups (and
for authentication of host groups by the host, if required). For details on how to configure the host
for CHAP authentication, see the documentation of the operating system and Fibre Channel driver in
your environment.
Overview
When configuring a Fibre Channel environment, you can use LUN Manager to set user authentication
between ports of the storage system and hosts. In a Fibre Channel environment, the ports and hosts use
Null DH-CHAP (Challenge Handshake Authentication Protocol with a Null Diffie-Hellman algorithm) as
the authentication method. This section provides an overview of user authentication.
Note: Throughout this manual, Null DH-CHAP is sometimes referred to as CHAP.
The operation of user authentication in a Fibre Channel environment involves the following three phases:
1. A host group of the storage system authenticates a host that attempts to connect. (authentication
of hosts)
2. The host authenticates the connection-target host group of the storage system. (authentication
of host groups)
Caution: Because the host bus adapters currently do not support this function, this authentication
phase is unusable in the Fibre Channel environment.
3. A target port of the storage system authenticates a Fibre Channel switch that attempts to connect.
(authentication of Fibre Channel switches)
The storage system performs user authentication by host groups. Therefore, the host groups and hosts
need to have their own user information for performing user authentication.
When a host attempts to connect to the storage system, the authentication of hosts phase starts. In this
phase, it is determined whether the host group requires authentication of the host. If the host group
does not require authentication of the host, then the host will connect to the storage system without
authentication. If the host group requires it, authentication will be performed for the host. When the host
is authenticated successfully, the processing goes on to the next phase.
After the authentication of the host succeeds, if the host requires user authentication for the host group
that is the connection target, the authentication of host groups phase starts. In this phase, the host groups
and hosts authenticate with each other, that is, mutual authentication. In the authentication of host groups
phase, if the host does not require user authentication for the host group, the host will connect to the
storage system without authentication of the host group.
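The two host-facing phases described above, sketched as an added example (not code from the HP manual or from the storage system). It uses the RFC 1994 CHAP response construction as an assumed stand-in for Null DH-CHAP and does not reproduce the Fibre Channel message format; the function names, dictionary keys and secrets are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(ident, secret, challenge):
    # Assumed stand-in (RFC 1994 CHAP): MD5(identifier || secret || challenge).
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def authenticate(prover_secret, registered_secret, ident):
    """One challenge/response round; the secret itself never crosses the link."""
    challenge = os.urandom(16)                                  # verifier -> prover
    response = chap_response(ident, prover_secret, challenge)   # prover -> verifier
    expected = chap_response(ident, registered_secret, challenge)
    return hmac.compare_digest(response, expected)              # constant-time compare

def connect(host, group):
    """Return (connected, trace) for one host connecting to one host group."""
    # Phase 1, authentication of hosts: skipped entirely if the host group
    # does not require it, and the host connects without authentication.
    if not group["require_host_auth"]:
        return True, ["hosts: not required"]
    registered = group["host_users"].get(host["user"])
    if registered is None or not authenticate(host["secret"], registered, 1):
        return False, ["hosts: failed"]
    trace = ["hosts: ok"]
    # Phase 2, authentication of host groups: runs only after phase 1 succeeds
    # and only if the host asks for it (mutual authentication).
    if not host["require_group_auth"]:
        return True, trace + ["host groups: not required"]
    ok = authenticate(group["secret"], host["group_secret"], 2)
    return ok, trace + ["host groups: ok" if ok else "host groups: failed"]

# Constructed sample user information; each side holds the other's secret.
GROUP = {"require_host_auth": True, "secret": b"group-secret-constructed",
         "host_users": {"host01": b"host-secret-constructed"}}
HOST = {"user": "host01", "secret": b"host-secret-constructed",
        "require_group_auth": True, "group_secret": b"group-secret-constructed"}

if __name__ == "__main__":
    print(connect(HOST, GROUP))
    print(connect(dict(HOST, secret=b"wrong"), GROUP))
    print(connect(dict(HOST, secret=b"wrong"), dict(GROUP, require_host_auth=False)))
```

The last call shows the consequence of leaving authentication of hosts off for a host group: a host with wrong or no user information still connects.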
The following explains the settings required for user authentication. The settings for authentication of host
groups are needed only when you want to perform mutual authentication.
• Settings for authentication of hosts
XP24000 LUN Manager User's Guide