HP StorageWorks XP Remote Web Console Software User Manual
Page 42
1.
A host group of the storage system authenticates a host that attempts to connect (authentication
of hosts).
2.
The host authenticates the connection-target host group of the storage system (authentication
of host groups).
CAUTION:
Because the host bus adapters currently do not support this function, this
authentication phase is unusable in the Fibre Channel environment.
3.
A target port of the storage system authenticates a Fibre Channel switch that attempts to
connect (authentication of Fibre Channel switches).
The storage system performs user authentication by host groups. Therefore, the host groups and
hosts need to have their own user information for performing user authentication.
When a host attempts to connect to the storage system, the authentication of hosts phase starts. In
this phase, it is determined whether the host group requires authentication of the host. If the host
group does not require authentication of the host, then the host will connect to the storage system
without authentication. If the host group requires it, authentication will be performed for the host.
When the host is authenticated successfully, the processing goes on to the next phase.
After the authentication of the host succeeds, if the host requires user authentication for the host
group that is the connection target, the authentication of host groups phase starts. In this phase,
the host groups and hosts authenticate with each other, that is, mutual authentication. In the
authentication of host groups phase, if the host does not require user authentication for the host
group, the host will connect to the storage system without authentication of the host group.
The following explains the settings required for user authentication. The settings for authentication
of host groups are needed only when you want to perform mutual authentication.
•
Settings for authentication of hosts
On the storage system:
Use LUN Manager to specify whether to perform authentication of hosts on each host
group. On a host group that performs authentication, register user information (group
◦
name, user name, and secret) of the hosts that are allowed to connect to the host group.
A secret is a password used in CHAP authentication. When registering user information,
you can also specify whether to enable or disable authentication on a host basis. For
details on the settings, see
“Enabling or Disabling Host Authentication” (page 49)
and
“Registering Host User Information” (page 49)
◦
On hosts:
Configure the operating system and Fibre Channel host bus adapter driver for
authentication by host groups with CHAP. You need to specify the user name and secret
of the host used for CHAP. For details, see the documentation for the operating system
and Fibre Channel host bus adapter driver in your environment.
•
Settings for authentication of ports (required if performing mutual authentication)
On the storage system:
Use LUN Manager to specify user information (user name and secret) of each host group.
◦
◦
On hosts:
Configure the operating system and Fibre Channel host bus adapter driver for
authenticating host groups with CHAP. You need to specify the user name and secret of
the host group that is the connection target. For details, see the documentation for the
operating system and Fibre Channel host bus adapter driver in your environment.
When authentication of a host succeeds, the host performs authentication of the port reversely if
required by the host (mutual authentication). In authentication of ports, when the user information
42
Performing LUN Manager Operations