iSCSI Authentication

iSCSI initiators and targets prove their identity to each other using the Challenge Handshake Authentication Protocol (CHAP), which prevents unauthorized systems from accessing the data volumes.

The server uses the CHAP secret to authenticate the storage system. Each storage system has a unique secret that must be used to respond to the server's request to get authenticated.

The storage system uses the MCHAP secret to authenticate the initiator or server. Each initiator or server has a unique secret that must be used to respond to the storage system's request to get authenticated.

Some storage systems use only one name for both the CHAP and mutual CHAP (MCHAP) name, in which case enter that name for both the CHAP and MCHAP name in HPE OneView.

Screen component

Description

CHAP level

Select an iSCSI authentication option:

None

No authentication

CHAP

With this level of security, only the target authenticates the initiator.

Mutual CHAP

With this level of security, the target and the initiator authenticate each other. A separate secret is set for each target and for each initiator in the SAN.

CHAP name (Target name)

The iSCSI target username to use when the target (storage system) authenticates the initiator (server).

A valid name is 1–223 visible (letter, digit, and punctuation) characters.

CHAP secret (Target secret)

The iSCSI target secret (password) to use when the target (storage system) authenticates itself to the initiator (server). A valid secret is either 12–16 printable (letter, digit, punctuation, and space) characters with no 0x prefix, or 0x followed by 24–32 hexadecimal (0-9, a-f, and A-F) characters. A hexadecimal secret is only valid with the iSCSI function type.

Mutual CHAP name (Initiator name)

The iSCSI initiator username to use when the initiator (server) authenticates the target (storage system).

A valid name is 1–223 visible (letter, digit, and punctuation) characters.

Mutual CHAP secret (Initiator secret)

The iSCSI initiator secret (password) to use when the initiator (server) authenticates itself to the target (storage system). This secret must be different from the CHAP secret. A valid secret is either 12–16 printable (letter, digit, punctuation, and space) characters with no 0x prefix, or 0x followed by 24–32 hexadecimal (0-9, a-f, and A-F) characters. A hexadecimal secret is only valid with the iSCSI function type.
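
The name and secret rules above can be checked before the values are entered. The following is an added example, not HPE OneView code: the function names are hypothetical, "visible" and "printable" are assumed to mean ASCII characters, and the sample values are constructed.

```python
import re
import string

# Assumption: "visible" and "printable" refer to ASCII characters.
VISIBLE = set(string.ascii_letters + string.digits + string.punctuation)
PRINTABLE = VISIBLE | {" "}
HEX_SECRET = re.compile(r"0x[0-9a-fA-F]{24,32}")

def check_name(name):
    """A valid name is 1-223 visible characters (no spaces)."""
    return 1 <= len(name) <= 223 and all(c in VISIBLE for c in name)

def check_secret(secret, function_type="iSCSI"):
    """Return None when the secret is valid, otherwise the reason it is rejected."""
    if secret.startswith("0x"):
        if not HEX_SECRET.fullmatch(secret):
            return "hex secret must be 0x followed by 24-32 hexadecimal characters"
        if function_type != "iSCSI":
            return "a hexadecimal secret is only valid with the iSCSI function type"
        return None
    if not 12 <= len(secret) <= 16:
        return "secret must be 12-16 characters"
    if not all(c in PRINTABLE for c in secret):
        return "secret may contain only letters, digits, punctuation and spaces"
    return None

def validate_chap_settings(level, chap_name="", chap_secret="",
                           mchap_name="", mchap_secret="", function_type="iSCSI"):
    """Return the list of problems with one set of CHAP settings (empty when valid)."""
    if level not in ("None", "CHAP", "Mutual CHAP"):
        return [f"unknown CHAP level: {level!r}"]
    if level == "None":
        return []
    errors, pairs = [], [("CHAP", chap_name, chap_secret)]
    if level == "Mutual CHAP":
        pairs.append(("Mutual CHAP", mchap_name, mchap_secret))
    for label, name, secret in pairs:
        if not check_name(name):
            errors.append(f"{label} name must be 1-223 visible characters")
        reason = check_secret(secret, function_type)
        if reason:
            errors.append(f"{label} secret: {reason}")
    if level == "Mutual CHAP" and mchap_secret == chap_secret:
        errors.append("Mutual CHAP secret must be different from the CHAP secret")
    return errors

if __name__ == "__main__":
    # Constructed sample values, not real credentials: the reused secret is reported.
    print(validate_chap_settings("Mutual CHAP", "target01", "example-secret1", "server01", "example-secret1"))
```

The secrets are compared as entered, so a hexadecimal secret and a printable secret that encode the same bytes are not detected as duplicates.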