No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Basic Storage Service Configuration Guide for Block

OceanStor Dorado V3 Series V300R002

This document is applicable to OceanStor Dorado3000 V3, Dorado5000 V3, Dorado6000 V3, and Dorado18000 V3. It describes the basic storage services and explains how to configure and manage them.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Planning Networks

Planning Networks

To ensure host connectivity and storage system access security, plan the network and authentication security measures.

Planning the Network

Hosts and storage systems can be connected in various modes. For details about connection modes, see "Planning Connectivity" in the Huawei SAN Storage Host Connectivity Guide for XXX. XXX represents a specific operating system, for example, Windows.

(Optional) Planning iSCSI CHAP

Plan iSCSI Challenge Handshake Authentication Protocol (CHAP) to control access to the storage system.

CHAP is a method of verifying the identity of the peer using a 3-way handshake. This verification is based on a ciphertext or cipher key.

  1. The authenticator sends random packets to the peer.
  2. The peer encrypts the random packets using its password and algorithm and returns the ciphertext to the authenticator.
  3. The authenticator uses the peer's password and algorithm to encrypt the same random packets and compares the ciphertext with that returned by the peer. If the two ciphertexts match, the authentication is acknowledged. Otherwise, the connection is terminated.

After CHAP authentication is enabled on the storage system, you must enter the CHAP user name and password when accessing the storage system from an application server.

When planning CHAP, note the following:

  • User name for CHAP authentication
    • The name must contain 4 to 223 characters.
    • The name can contain only letters, digits, and the following special characters:

      !"#$&%'()*+,-./:;<=>?@[\]^_`{|}~

    • The first character must be a letter or digit.
  • Password for CHAP authentication
    • The password must contain 12 to 16 characters.
    • The password must contain three of the following four types of characters:
      • Uppercase letters
      • Lowercase letters
      • Digits
      • Special characters (including space)

        !"#$&%'()*+,-./:;<=>?@[\]^_`{|}~

    • The password must not be the same as the user name or the user name spelled backwards.
  • Mapping between CHAP user accounts and initiators

    CHAP user accounts must be created and assigned to corresponding initiators.

Translation
Download
Updated: 2019-07-17

Document ID: EDOC1100049139

Views: 27788

Downloads: 210

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next