Intel Storage System SSR212PP User Guide 47
PRELIMINARY
iSCSI CHAP Authentication Worksheets
If the storage system is on a private LAN, you can elect not to configure CHAP
authentication. If the storage system is on a public LAN, we strongly recommend that you
set CHAP security. If you do not set CHAP security for the storage system, any host
connected to the LAN can read from and write to the storage system.
CAUTION
Whenever you record any security information such as the CHAP usernames and
secrets (passwords), it is imperative that you store the data in a secure location.
Storage System CHAP Levels
To set up a basic CHAP level, you can add one or more usernames and corresponding
secrets. Any initiator configured with one of these usernames/secrets can establish a
connection.
To set up an
advanced CHAP level, you can configure both initiator CHAP and mutual
CHAP. You can create initiator CHAP so that all initiators can use each username/secret
(as in basic CHAP). You can also use the iSCSI node name (IQN) to create
usernames/secrets that are restricted for use by a single initiator. Optionally, you can
configure mutual CHAP with a single target CHAP username/secret.
Initiator CHAP Worksheet
If you want the storage system to authenticate initiators, fill out the Initiator CHAP
Worksheet for all initiator accounts. Initiator CHAP must be set up and enabled for iSCSI
security to work. The easiest way to configure initiator CHAP is to create a friendly
username and secret for all initiators.
Initiator name: ___________________________________________________________
Use initiator name as system CHAP username: Yes___ No___
Allow any initiator to log In with this username and secret: Yes___ No___
CHAP username: _________________________________________________________
CHAP secret: ________________________________ Specified in hex: Yes___ No___
Initiator name: ___________________________________________________________
Use initiator name as system CHAP username: Yes___ No___
Allow any initiator to log In with this username and secret: Yes___ No___
CHAP username: _________________________________________________________
CHAP secret: ________________________________ Specified in hex: Yes___ No___
Initiator name: ___________________________________________________________
Use initiator name as system CHAP username: Yes___ No___
Allow any initiator to log In with this username and secret: Yes___ No___
CHAP username: _________________________________________________________
CHAP secret: ________________________________ Specified in hex: Yes___ No___