Chap definitions – Dell PowerVault MD3660i User Manual

must send to the host sever in order to establish a connection. In this two-way authentication process, both the host
server and the storage array send information that the other must validate before a connection is allowed.
CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP authentication, any
host server connected to the same IP network as the storage array can read from and write to the storage array.

NOTE: When using CHAP authentication, you should configure it on both the storage array (using MD Storage
Manager) and the host server (using the iSCSI initiator) before preparing virtual disks to receive data. If you
prepare disks to receive data before you configure CHAP authentication, you lose visibility to the disks once CHAP
is configured.

CHAP Definitions

To summarize the differences between target CHAP and mutual CHAP authentication, see the following table.

CHAP Type

Description

Target CHAP

Sets up accounts that iSCSI initiators use to connect to

the target storage array. The target storage array then

authenticates the iSCSI initiator.

Mutual CHAP

Applied in addition to target CHAP, mutual CHAP sets up

an account that a target storage array uses to connect to

an iSCSI initiator. The iSCSI initiator then authenticates

the target.

Step 5: Configure CHAP Authentication On The Storage Array

(Optional)

If you are not configuring any type of CHAP, skip these steps and go to

Step 7: Connect To The Target Storage Array

From The Host Server

.

NOTE: If you choose to configure mutual CHAP authentication, you must first configure target CHAP.

In terms of iSCSI configuration, the term Target always refers to the storage array.

Configuring Target CHAP Authentication On The Storage Array

1.

From MD Storage Manager, click the iSCSI tab and then click Change Target Authentication.
Select one of the CHAP settings described in the following table.

CHAP Setting

Description

None

This is the default selection. If None is the only selection, the storage array allows an
iSCSI initiator to log on without supplying any type of CHAP authentication.

None and CHAP

The storage array allows an iSCSI initiator to log on with or without CHAP
authentication.

CHAP

If CHAP is selected and None is deselected, the storage array requires CHAP
authentication before allowing access.

2.

To configure a CHAP secret, select CHAP and select CHAP Secret.

3.

Enter the Target CHAP Secret (or Generate Random Secret). Confirm it in Confirm Target CHAP Secret and click OK.
Although the storage array allows sizes from 12 to 57 characters, many initiators only support CHAP secret sizes up
to 16 characters (128-bit).

38