Chap vs ipsec, One-way chap authentication, Iscsi target settings – Dell PowerVault NX3000 User Manual

36

Configuring Secured iSCSI Connections Using CHAP

CHAP vs IPSec

CHAP authenticates the peer of a connection and is based upon the peers
sharing a secret (a security key that is similar to a password). IP Security
(IPSec) is a protocol that enforces authentication and data encryption at the
IP packet layer and provides an additional level of security.

One-Way CHAP Authentication

In one-way CHAP authentication, only the iSCSI Target authenticates the
Initiator. The secret is set only for the Target and all Initiators that are
accessing the Target must use the same secret to start a logon session with the
Target. To set one-way CHAP authentication, configure the settings
described in the following sections on Target and Initiator.

iSCSI Target Settings

Before you configure the settings described in this section, ensure that few
iSCSI Targets and Virtual Disks are already created and the Virtual Disks are
assigned to the Targets.

1 On an iSCSI Target, go to PowerVault NAS Management Console→

Microsoft iSCSI Software Target

→ iSCSI Targets→ <Target name> and

either right-click and select Properties or go to Actions pane

→ More

Actions

→ Properties.

The <Target Name> Properties window appears, where Target Name is
the name of the iSCSI Target that you are configuring iSCSI settings for.

2 In the Authentication tab, select the check box for Enable CHAP and

type the user name (IQN name of the Initiator). You can enter the IQN
manually or use the Browse option to select the IQN from a list.

3 Enter the Secret, re-enter the same value in Confirm Secret, and click OK.

The secret must include 12 to 16 characters.

NOTE:

If you are not using IPSec, both Initiator and Target CHAP secrets

should be greater than or equal to 12 bytes and less than or equal to 16 bytes.
If you are using IPsec, the Initiator and Target secrets must be greater than
1 byte and less than or equal to 16 bytes.