Filter
Top Products
132 SANRAD V-Switch User Manual
Connecting an Identity and Target
If you are working in
a V-Switch cluster,
each Identity must be
connected to the
target(s) on both V-
Switches.
All CLI names and
aliases are case
sensitive
Once created, an identity must be connected to a target to provide it with
access control. An identity specifies which access rights the iSCSI
initiators within the Identity have to the target.
When an identity is connected to a target, it is also given a position. The
position of the identity determines its place in the V-Switch access rights
evaluation. An identity with the position 0 (default identity) is the last
identity evaluated when an initiator tries to access a volume. If the
initiator meets the profile of the identity, it is granted that identity ‘s access
rights. If not, the V-Switch continues to position 1. The V-Switch does not
scan all identities to determine which most specifically fits the host.
Therefore, identities must be positioned in decreasing specificity to
function correctly. The V-Switch scans for the first fit and not the best fit.
An identity can be connected to more than one target to provide the same
conditions for each target. Use the CLI command acl add to connect an
identity to a target.
acl add
You need to define four parameters to connect an identity to a target:
SWITCH PARAMETER DEFINITION STATUS EXAMPLE
-ta
TARGET ALIAS ALIAS OF TARGET
TO ATTACH TO
MANDATORY
finance
-id
IDENTITY NAME OF ACL
IDENTITY
MANDATORY
accounting
-acc
ACCESS ACCESS RIGHTS TO
TARGET:
DEFAULT=RW
RW =READ-WRITE
RO = READ-ONLY
NA =NOT
ACCESSIBLE
OPTIONAL
DEFAULT=RW
rw
-pos
POSITION ACL RANK IN
ACCESS RIGHT
EVALUATION SCAN
OPTIONAL
ASSIGNED LAST
POSITION IF
NOT SPECIFIED
1
Example
The identity, accounting, is connected to the target finance. Accounting is
the second identity scanned for an initiator match. Any initiator in the
accounting identity is given read-only access. Later, an administrator
identity can be created with read-write access and placed in position 0.