Deployment Guide

In terms of iSCSI configuration, the term target always refers to the storage array.
Configuring Target CHAP Authentication On The Storage Array
1. From MDSM, click the iSCSI tab and then click Change Target Authentication.
Select one of the CHAP settings described in table.
2. To configure a CHAP secret, select CHAP and select CHAP Secret.
3. Enter the Target CHAP Secret (or Generate Random Secret). Confirm it in Confirm Target CHAP
Secret and click OK.
Although the storage array allows sizes from 12 to 57 characters, many initiators only support CHAP
secret sizes up to 16 characters (128-bit).
NOTE: A CHAP secret is not retrievable after it is entered. Ensure that you record the secret in
an accessible place. If Generate Random Secret is used, copy and paste the secret into a text
file for future reference since the same CHAP secret is used to authenticate any new host
servers you may add to the storage array. If you forget this CHAP secret, you must disconnect
all existing hosts attached to the storage array and repeat the steps in this chapter to re-add
them.
4. Click OK.
Table 10. CHAP Setting
Option Description
None This is the default selection. If None is the only
selection, the storage array allows an iSCSI
initiator to log on without supplying any type of
CHAP authentication.
None and CHAP The storage array allows an iSCSI initiator to log
on with or without CHAP authentication.
CHAP If CHAP is selected and None is deselected, the
storage array requires CHAP authentication
before allowing access.
Configuring Mutual CHAP Authentication On The Storage Array
The initiator secret must be unique for each host server that connects to the storage array and must not
be the same as the target CHAP secret.
Change the initiator authentication settings in the Change Target Authentication window. Use these
options to change the settings:
None—Select None if you permit no initiator authentication. If you select None, any initiator can
access this target. Use this option only if you do not require secure data. However, you can select
both None and CHAP at the same time.
CHAP—Select CHAP if you want to enable an initiator that tries to access the target to authenticate
using CHAP. Define the CHAP secret only if you want to use mutual CHAP authentication. If you
select CHAP, and if no CHAP target secret is defined, an error message is displayed. Click CHAP
Secret to view the Enter CHAP Secret windows. Use this window to define the CHAP secrets.
NOTE: To remove a CHAP secret, you must delete the host initiator and re-add it.
46