On a public network, any application server that resides on the same network as the iSCSI host port of a storage device can access the storage device and perform read and write operations on the device. Therefore, data security is threatened. To ensure the security of storage devices, you can configure CHAP authentication to restrict application servers' access permissions on storage devices. You need to create a CHAP authentication user on the storage system, enable CHAP authentication for the initiator, and then configure CHAP authentication on the application server.
Procedure
- Choose Resources > Access > Host > CHAP Authentication.
- Select the desired account from the Account drop-down list in the upper left corner.
- Click Create.
The Create CHAP Authentication page is displayed.
- Set the name of the CHAP authentication.
- The name must be unique.
- The name must contain 4 to 127 characters.
- The name contains digits, letters, underscores (_), periods (.), colons (:), and hyphens (-), and must start with a letter or underscore (_).
- Set the password for CHAP authentication and confirm the password.
- The password cannot start with a hyphen (-).
- The password contains 12 to 16 characters.
- The password must contain two of the following character types: uppercase letters, lowercase letters, digits, and special characters, including ' ~ ! @ # $ % ^ & * ( ) - _ = + \ | [ { } ] ; : " , < . > / ?.
- Set Authentication Direction. Possible options are Target authenticating initiator and Initiator authenticating target.
- Click OK.
- Confirm your operation as prompted.