Reference information, Terminology, Understanding chap authentication – Dell PowerVault TL2000 User Manual

Page
15

Reference information

Terminology

CHAP

(Challenge Handshake Authentication Protocol). An optional security protocol used to control access to an iSCSI storage

system by restricting use of the iSCSI data ports on both the host server and iSCSI to SAS bridge. For more information on the
types of CHAP authentication supported, see

Understanding

CHAP Authentication

.

Host server port

iSCSI port on the host server used to connect it to bridge.

iSCSI initiator

The iSCSI-specific software installed on the host server that controls communications between the host server

and the iSCSI to SAS bridge.

NOTE:

A NOTE indicates important information that helps you make better use of your computer.

NOTICE:

A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the

problem.

Understanding CHAP Authentication

Before proceeding to either Step 5: Configure CHAP Authentication on the ISCSI to SAS bridge (optional)
or
Step 6: Configure CHAP Authentication on the Host Server (optional), it would be useful to gain an
overview of how CHAP authentication works.

What is CHAP?

Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSI authentication method where
the iSCSI to SAS bridge (target) authenticates iSCSI initiators on the host server. Two types of CHAP are
supported: target CHAP and mutual CHAP.

Target CHAP

In target CHAP, the iSCSI to SAS bridge authenticates all requests for access issued by the iSCSI
initiator(s) on the host server via a CHAP secret. To set up target CHAP authentication, you enter a
CHAP secret on the iSCSI to SAS bridge, then configure each iSCSI initiator on the host server to send
that secret each time it attempts to access the iSCSI to SAS bridge.

Mutual CHAP

In addition to setting up target CHAP, you can set up mutual CHAP in which both the iSCSI to SAS bridge
and the iSCSI initiator authenticate each other. To set up mutual CHAP, you configure the iSCSI initiator
with a CHAP secret that the iSCSI to SAS bridge must send to the host sever in order to establish a
connection.
In this two-way authentication process, both the host server and the iSCSI to SAS bridge are sending
information that the other must validate before a connection is allowed.
CHAP is an optional feature and is not required to use iSCSI. However, if you do not configure CHAP
authentication, any host server connected to the same IP network as the iSCSI to SAS bridge can read
from and write to the iSCSI to SAS bridge.

Using iSNS

iSNS (Internet Storage Naming Service) Server, supported only on Windows iSCSI environments,
eliminates the need to manually configure each individual iSCSI to SAS bridge with a specific list of
initiators and target IP addresses. Instead, iSNS automatically discovers, manages, and configures all
iSCSI devices in your environment.
For more information on iSNS, including installation and configuration, see

www.microsoft.com