User authentication, Settings for authenticating hosts – HP XP P9500 Storage User Manual


The following topics provide information for managing user authentication on host groups, fibre
channel ports, and fibre channel switches:

“User authentication” (page 148)

“Fibre channel authentication” (page 154)

“Fibre channel port authentication” (page 157)

“Setting fibre channel port authentication” (page 157)

“Registering user information on a fibre channel port” (page 158)

“Registering user information on a fibre channel switch” (page 158)

“Clearing fibre channel switch user information” (page 159)

“Setting the fibre channel switch authentication mode” (page 159)

“Enabling or disabling fibre channel switch authentication” (page 160)

User authentication

When configuring a fibre channel environment, use LUN Manager to set user authentication for
ports between the P9500 storage system and hosts. In a fibre channel environment, the ports and
hosts use Null DH-CHAP or CHAP (Challenge Handshake Authentication Protocol with a Null
Diffie-Hellman algorithm) as the authentication method.

User authentication is performed in a fibre channel environment in three phases:

1. A host group of the storage system authenticates a host that attempts to connect (authentication
of hosts).

2. The host authenticates the connection-target host group of the storage system (authentication
of host groups).

CAUTION: Because the host bus adapters at present do not support this function, this
authentication phase is unusable in the fibre channel environment.

3. A target port of the storage system authenticates a fibre channel switch that attempts to connect
(authentication of fibre channel switches).

The storage system performs user authentication by host groups. Therefore, the host groups and
hosts need to have their own user information for performing user authentication.

When a host attempts to connect to the storage system, the authentication of hosts phase starts. In
this phase, first it is determined whether the host group requires authentication of the host. If it does
not, the host connects to the storage system without authentication. If it does, authentication is
performed for the host, and when the host is authenticated successfully, processing goes on to the
next phase.

After successful authentication of the host, if the host requires user authentication for the host group
that is the connection target, the authentication of host groups phase starts. In this way, the host
groups and hosts authenticate with each other, that is, mutual authentication. In the authentication
of host groups phase, if the host does not require user authentication for the host group, the host
connects to the storage system without authentication of the host group.
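The host and host group phases described above can be modeled as follows. This is an added example, not code from the manual or the storage system. It assumes an RFC 1994 style CHAP digest for the challenge response, and the `Party` class, `connect` function, names, and secrets are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # Assumption: RFC 1994 CHAP digest, MD5(identifier || secret || challenge).
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Party:
    """A host or a host group (hypothetical model, not a LUN Manager object)."""
    def __init__(self, name, secret, known_users, requires_auth):
        self.name = name
        self.secret = secret              # this party's own user information
        self.known_users = known_users    # registered peers: user name -> secret
        self.requires_auth = requires_auth

    def respond(self, ident, challenge):
        return self.name, chap_response(ident, self.secret, challenge)

    def authenticate(self, peer) -> bool:
        ident, challenge = os.urandom(1)[0], os.urandom(16)  # fresh per attempt
        name, response = peer.respond(ident, challenge)
        expected_secret = self.known_users.get(name)
        if expected_secret is None:       # peer is not registered on this side
            return False
        expected = chap_response(ident, expected_secret, challenge)
        return hmac.compare_digest(response, expected)

def connect(host: Party, host_group: Party) -> str:
    # Authentication of hosts: skipped when the host group does not require it.
    if not host_group.requires_auth:
        return "connected without authentication"
    if not host_group.authenticate(host):
        return "rejected: host authentication failed"
    # Authentication of host groups: runs only when the host requires it.
    if not host.requires_auth:
        return "connected: host authenticated"
    if not host.authenticate(host_group):
        return "rejected: host group authentication failed"
    return "connected: mutual authentication"

if __name__ == "__main__":
    # Constructed names and secrets, for illustration only.
    hg = Party("hg-00", b"hg-secret", {"host-a": b"host-secret"}, True)
    host = Party("host-a", b"host-secret", {"hg-00": b"hg-secret"}, True)
    print(connect(host, hg))
```

Each side needs the other's user information registered before its own check can succeed, which is why the host group settings matter only for mutual authentication.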

The settings for authentication of host groups are needed only when you want to perform mutual
authentication. The following topics explain the settings required for user authentication.

“Settings for authenticating hosts” (page 148)

“Settings for authentication of ports (required if performing mutual authentication)” (page 149)

Settings for authenticating hosts

On the storage system, use LUN Manager to specify whether to authenticate hosts on each host
group.
