Hardware manual

ManualsBrandsDell ManualsComputer equipment6 series

Group Administration Group security

4–13

VDS/VSS access control records use the same criteria for restricting access as iSCSI target access control records:

CHAP user name, iSCSI initiator name, or iSCSI initiator IP address. See About iSCSI target access controls on

ge 8-1.

To display VDS/VSS Access, click

Group, then Group Configuration, and then the VDS/VSS tab.

See the online help for information about the data fields and options.

Adding a VDS/VSS access control record

1. Click Group, then Group Configuration, and then the VDS/VSS tab.

2. Click

Add in the VDS/VSS Access Control List panel.

3. Do at least one of the following:

• Check the box marked

Authenticate using CHAP user name to use CHAP (Authenticating

initiators through CHAP on pag

e 8-2).

• Check the box marked

Limit access by IP Address to constrain access to an IP address or range of

addresses. Use an asterisk as a wildcard to specify a range of addresses, such as

127.200.*.*.

• Check the box marked

Authenticate using CHAP user Limit access to iSCSI Initiator

name

to grant access to a specific SCSI initiator (See iSCSI target security on page 8-1). For example:

iqn.2000-05.com.qlogic.qla-4000.sn00044.

4. Click OK.

Modifying or deleting a VDS/VSS access control record

1. Click Group, then Group Configuration, and then the VDS/VSS tab.

2. To modify a record, select the record and click Modify. Change the CHAP user name, IP address (or range), or

the iSCSI initiator name. (See Adding a VDS/VSS access control record on pa

ge 4-13.) Then, click OK.

To delete a record, select the record and click

Delete. Then, confirm that you want to delete the record.

When you delete or modify a record you might need to update a

ny computer that was previously accessing

volumes through the access control record.

About dedicated management networks (advanced)

For increased security, you can configure a dedicated management network used only for administrative access to

the group. The management network is separate from the network that handles iSCSI traffic to the group.

Without a dedicated management network (the default configuratio

n), administrators connect to the group IP

address for both administrative access to the group and iSCSI initiator access to iSCSI targets (volumes and

snapshots).

With a dedicated management network, administrators do not use the group IP address for administrative access to

the group.

Instead, administrators connect to the management network address. All iSCSI traffic, including traffic

by replication partners, continues to use the group IP address.