User authentication (iscsi environments) – HP StorageWorks XP Remote Web Console Software User Manual

Regardless of the Fibre Channel switch's setting, the port performs authentication of the Fibre
Channel switch, but results in failure. The Fibre Channel switch cannot connect to the array.

•

Case D: When not performing authentication of Fibre Channel switches by ports
The Fibre Channel switch connects to the array without authentication of the host regardless of
whether or not the Fibre Channel switch is configured for authentication with CHAP.
In this case, although you do not need to register the Fibre Channel switch's user information on
the port, you can register the user information.

Authentication of ports (performing mutual authentication)

When authentication of a host succeeds, the host performs authentication of the port in reverse if the
host requires (mutual authentication). In authentication of ports, when the user information (user name
and secret) of the port specified on the port side matches the user information stored on the host, the
host allows the host group to connect.

User authentication (iSCSI environments)

When configuring iSCSI environments, use XP LUN Configuration and Security Manager Software
to set user authentication between ports on the array and hosts. In iSCSI environments, ports and
hosts use Challenge Handshake Authentication Protocol (CHAP) as the authentication method. This
section provides an overview of user authentication.

User authentication operations and settings (iSCSI environments)

User authentication operations in iSCSI environments consist of the following phases:

1.

An iSCSI target of the array authenticates a host attempting to connect (authentication of hosts).

2.

The host authenticates the connection-target iSCSI target of the array (authentication of iSCSI
targets).

The array performs user authentication by iSCSI targets. Therefore, iSCSI targets and hosts must have
their own user information for performing user authentication.

When a host attempts to connect to the array, the authentication of hosts phase starts. In this phase,
it is first determined whether or not the iSCSI target requires authentication of the host. If the iSCSI
target does not require authentication of the host, the host connects to the array without authentication.
If the iSCSI target requires authentication of the host, authentication is performed for the host. When
the host is successfully authenticated, processing goes to the next phase.

After authentication of the host succeeds, if the host requires user authentication for the iSCSI target
that is the connection target, the authentication of iSCSI targets phase starts. In this way, iSCSI targets
and hosts authenticate with each other, that is, mutual authentication. In the authentication of iSCSI
targets phase, if the host does not require user authentication for the iSCSI target, the host connects
to the array without authentication of the iSCSI target.

The following explains the settings required for user authentication. The settings for authentication of
iSCSI targets are needed only when performing mutual authentication.

•

Settings for authentication of hosts
• On the array:

Use XP LUN Configuration and Security Manager Software to specify whether authentication
of hosts is performed on each iSCSI target. On an iSCSI target that performs authentication,
register user information (iSCSI name, user name, and secret) of hosts allowed to connect to

XP LUN Configuration and Security Manager User Guide

53