Managing an iscsi session, Logging into an iscsi session, Security – Dell Emulex Family of Adapters User Manual

Page 1572: Chap authentication, Configuring for the iscsi protocol, Setting up boot from san for iscsi

Advertising
background image

Boot Version 10.2 for NIC, iSCSI, FCoE, and RoCE Protocols User Manual

P010097-01B Rev. A

5. Configuring x86/x64 Platforms for the iSCSI Protocol

Managing an iSCSI Session

1572

Managing an iSCSI Session

To transmit information from an iSCSI initiator to an iSCSI target, the initiator must

first establish a session with the target through an iSCSI login process. The login

process:

Starts a TCP/IP connection.

Verifies that the iSCSI initiator has access to the iSCSI target (authentication).

Allows negotiation of various parameters.

Logging into an iSCSI Session

An iSCSI session has two phases:

Login Phase – iSCSI parameters are negotiated using login requests and

responses.

Full Featured Phase – Once security/authentication has occurred and

operational parameters have been set, the initiator begins to perform SCSI I/Os.

Security

Because the iSCSI protocol operates in the Internet environment, security is critical. The

iSCSI SAN uses the CHAP security method.

CHAP Authentication

CHAP is used to periodically verify the identity of the initiator by the target using a

challenge/response mechanism. The challenge/response is established on the initial

link and may repeated at any time afterward. For CHAP to work, the target must know

the initiator's secret key, and the initiator must correctly respond to the challenge.
Although the authentication is only one-way, you can negotiate CHAP in both

directions for mutual authentication, with the help of the same secret set.

Configuring for the iSCSI Protocol

This section provides instructions for configuring boot from SAN for iSCSI on various

operating systems using the iSCSISelect utility. It also provides information on how to

use the iSCSISelect utility to perform an MPIO boot configuration.

Setting Up Boot from SAN for iSCSI

In iSCSI target configuration, you have the option of setting dual network paths to a

single boot LUN. You must follow these steps in this order to configure boot support

successfully for each operating system.
1. Use the iSCSISelect utility to configure a boot target.

Note: iSCSI must be enabled for the port before configuring a boot target.

2. Complete the normal operating system installation.

Advertising
Popular Brands
Popular manuals