Dell Compellent Series 30 User Manual

Storage Center 5.5 System Manager User Guide

C

CHA

Compellent Host Adapter.

CHAP

Challenge Handshake Authentication Protocol (CHAP) is an option for authentication of iSCSI
communications. CHAP periodically verifies the identity of a peer using a 3-way handshake, initially when
the link is established. After the Link Establishment phase is complete, the authenticator sends a challenge
message to the peer. The peer responds with a value calculated using a one-way hash function. The
authenticator checks the response against its own calculation of the expected hash value. If the values
match, the authentication is acknowledged; if values do not match, the connection is terminated. CHAP
provides protection against playback attack through the use of an incrementally changing identifier and a
variable challenge value. The use of repeated challenges is intended to limit the time of exposure to any
single attack.

This authentication method depends upon a secret known only to the authenticator and peer. The secret is
not sent over the link, but it must be available in plaintext form to both the authenticator and the peer.

The challenge value satisfies two criteria: uniqueness and unpredictability. Each challenge value must be
unique, since repetition of a challenge value in conjunction with the same secret would permit an attacker
to reply with a previously intercepted response. Since it is expected that the same secret might be used to
authenticate with servers in disparate geographic regions, the challenge must exhibit global and temporal
uniqueness. Each challenge value should also be unpredictable, lest an attacker trick a peer into responding
to a predicted future challenge, and then use the response to masquerade as that peer to an authenticator.
Although protocols such as CHAP are incapable of protecting against real-time active wiretapping attacks,
generation of unique unpredictable challenges can protect against a wide range of active attacks.
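
The handshake described in the CHAP entry above, as an added example that is not part of the Dell manual or of Storage Center: it uses the MD5 response calculation defined in RFC 1994 and shows a previously captured response failing once the challenge has been consumed or replaced. The class name, function names and the secret value are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: one-way hash over identifier, secret and challenge (RFC 1994, MD5)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Authenticator side (hypothetical class): issues challenges, checks responses."""

    def __init__(self, secret: bytes):
        self._secret = secret      # held in plaintext, never sent over the link
        self._identifier = 0
        self._pending = {}         # identifier -> outstanding challenge

    def new_challenge(self):
        # The identifier changes incrementally; the challenge comes from a
        # CSPRNG so that it is both unique and unpredictable.
        self._identifier = (self._identifier + 1) % 256
        challenge = secrets.token_bytes(16)
        self._pending[self._identifier] = challenge
        return self._identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        # A challenge is honoured at most once: remove it before comparing.
        challenge = self._pending.pop(identifier, None)
        if challenge is None:
            return False
        expected = chap_response(identifier, self._secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-example-secret"      # constructed sample value
    auth = Authenticator(secret)
    ident, chal = auth.new_challenge()
    captured = chap_response(ident, secret, chal)
    legitimate = auth.verify(ident, captured)    # genuine peer is accepted
    replay_same = auth.verify(ident, captured)   # challenge already consumed
    ident2, _ = auth.new_challenge()
    replay_new = auth.verify(ident2, captured)   # old response, fresh challenge
    ident3, chal3 = auth.new_challenge()
    wrong_secret = auth.verify(ident3, chap_response(ident3, b"guess", chal3))
    return legitimate, replay_same, replay_new, wrong_secret
```
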

Cache

A high-speed memory or storage device used to reduce the effective time required to read data from or write
data to a lower-speed memory or device. Storage Center provides configurable cache to minimize disk
latencies.

Cluster Node

Server that is a member of a server cluster.

Clustered Controllers

More than one Storage Center controller, interconnected (typically at high speeds) for the purpose of
improving reliability, availability, serviceability and performance (via load balancing). Storage Center
provides automatic controller failover in an active-active configuration. Fully mirrored, battery backup cache
provides automatic restart, and volumes migrate between controllers in the event of controller failure.

Conservation Mode

Refer to Conservation Mode on page 246.

Control Port

In Virtual Port Mode, a Control Port is created for each iSCSI Fault Domain. iSCSI Servers connect to the
Storage Center via the Control Port. The Control Port redirects a connection to the appropriate Virtual Port.