Administrator Guide
Conguring CHAP for iSCSI Fault Domains
When Challenge Handshake Authentication Protocol (CHAP) authentication is enabled, the Storage Center challenges each iSCSI initiator
in the fault domain for a shared secret (password). When CHAP is enabled it applies to all servers and remote Storage Centers that
connect to the fault domain.
NOTE: When CHAP is enabled for an iSCSI fault domain, all iSCSI initiators in the fault domain (servers and Storage Centers)
must be congured to use CHAP. All iSCSI initiators that are not congured to use CHAP are no longer able to communicate with
the Storage Center iSCSI ports in the fault domain.
Congure CHAP for Servers in an iSCSI Fault Domain
When Challenge Handshake Authentication Protocol (CHAP) authentication is enabled (for unidirectional CHAP only), the Storage Center
(target) challenges each iSCSI initiator for a shared secret (password). Servers (remote initiators) must provide the correct shared secret
to access Storage Center (target) volumes. To enable bidirectional CHAP authentication, unique shared secrets (passwords) must be
congured for the remote initiator and the target Storage Center.
About this task
NOTE: Changing CHAP settings will cause existing iSCSI connections between SAN systems using the selected fault domain to
be lost. You will need to use the Congure iSCSI Connection wizard to reestablish the lost connections after changing CHAP
settings.
Steps
1 If the Storage Manager Client is connected to a Data Collector, select a Storage Center from the Storage view.
2 Click the Storage tab.
3 In the Storage tab navigation pane, expand Fault Domains, then expand iSCSI and click the fault domain.
4 In the right pane, click Congure CHAP.
The Congure CHAP dialog box opens.
5 Select the CHAP Enabled checkbox.
6 (Bidirectional CHAP only) In the Bidirectional CHAP Secret eld, type the shared secret that the Storage Center (target) must
provide when challenged by the remote initiator. If this eld is empty, bidirectional CHAP authentication is not enabled.
7 Dene the CHAP conguration for each server in the fault domain that initiates iSCSI connections to the Storage Center.
a Click Add.
The Add Remote CHAP Initiator dialog box opens.
b In the iSCSI Name eld, type the iSCSI name of the remote initiator.
c In the Remote CHAP Name eld, type the CHAP name of the remote initiator.
d (Bidirectional CHAP only) In the Local CHAP Secret eld, type the shared secret that the Storage Center (target) must provide
when challenged by the remote initiator. This secret is required if bidirectional CHAP is enabled on the remote iSCSI initiator. This
is the same shared secret that is typed into the Bidirectional CHAP Secret eld for Local CHAP Conguration on the
Congure CHAP dialog box.
e In the Remote CHAP Secret eld, type the shared secret that the remote initiator must provide when challenged by the
Storage Center (target).
f Click OK.
The Add Remote CHAP Initiator dialog box closes.
8 Click OK.
The Congure CHAP dialog box closes.
9 Congure each remote iSCSI initiator to use the shared secrets that you dened.
Storage Center Maintenance
283