Example of authenticating hosts in a Fibre Channel environment

Following is an example of authentication of hosts in a Fibre Channel environment. In this figure, WWNs of host bus adapters (HBAs) are abbreviated, such as A, B, and so on.

In the example, host group 1 performs authentication of hosts, and host group 2 does not.

The user information of host A is registered on the host group 1, and the authentication setting is enabled. Therefore, if the authentication of the host is successful, host A can connect to the storage system (or, the processing goes on to the authentication of the host group). As a precondition of successful authentication, host A should be configured for authentication by host groups with CHAP.

The user information of host B is also registered on the host group 1, but the authentication setting is disabled. Therefore, host B can connect to the storage system without authentication.

The user information of host C is not registered on the host group 1. Therefore, when host C tries to connect to the storage system, the authentication fails and the connection request is denied regardless of the setting on host C.

Host D is attached to the host group 2 that does not perform authentication of hosts. Therefore, host D can connect to the storage system without authentication.

During authentication of hosts, the connection is determined depending on the combination of the following host group settings:

• Setting of the host group in the Port tree: enable () or disable ()

• Whether the user information of the host that attempts to connect is registered on the host group