Overview – HP StorageWorks XP Remote Web Console Software User Manual
Page 41
•
Deleting user information for hosts (see
•
Specifying user information for host groups (when performing mutual authentication, see
)
•
Clearing user information for host groups (when performing mutual authentication, see
)
•
Specifying the information for Fibre Channel port (see
•
Registering user information on a Fibre Channel port (see
•
Registering user information on a Fibre Channel switch (see
•
Clearing user information for a Fibre Channel switch (see
)
•
Specifying an authentication mode of Fibre Channel switch (see
•
Specifying whether a Fibre Channel switch can perform authentication (see
)
NOTE:
The hosts to be connected also have to be configured for authentication by host groups
(and for authentication of host groups by the host, if required). For details on how to configure the
host for CHAP authentication, see the documentation of the operating system and Fibre Channel
driver in your environment.
Overview
When configuring a Fibre Channel environment, you can use LUN Manager to set user
authentication between ports of the storage system and hosts. In a Fibre Channel environment, the
ports and hosts use Null DH-CHAP as the authentication method. This section provides an overview
of user authentication.
NOTE:
Throughout this manual, Null DH-CHAP is sometimes referred to as CHAP.
The operation of user authentication in a Fibre Channel environment involves the following three
phases:
1.
A host group of the storage system authenticates a host that attempts to connect (authentication
of hosts).
2.
The host authenticates the connection-target host group of the storage system (authentication
of host groups).
CAUTION:
Because the host bus adapters currently do not support this function, this
authentication phase is unusable in the Fibre Channel environment.
3.
A target port of the storage system authenticates a Fibre Channel switch that attempts to
connect (authentication of Fibre Channel switches).
The storage system performs user authentication by host groups. Therefore, the host groups and
hosts need to have their own user information for performing user authentication.
When a host attempts to connect to the storage system, the authentication of hosts phase starts. In
this phase, it is determined whether the host group requires authentication of the host. If the host
group does not require authentication of the host, then the host will connect to the storage system
without authentication. If the host group requires it, authentication will be performed for the host.
When the host is authenticated successfully, the processing goes on to the next phase.
After the authentication of the host succeeds, if the host requires user authentication for the host
group that is the connection target, the authentication of host groups phase starts. In this phase,
the host groups and hosts authenticate with each other, that is, mutual authentication. In the
authentication of host groups phase, if the host does not require user authentication for the host
group, the host will connect to the storage system without authentication of the host group.
Setting Fibre Channel Authentication
41