No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
OceanStor V500R007 Kunpeng Basic Storage Service Configuration Guide for Block
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Planning Networks

Planning Networks

To ensure host connectivity and storage system access security, properly plan the network and secure authentication.

Planning the Network

Hosts and storage systems can be connected in various modes. For details about connection modes, see "Planning Connectivity" in the Huawei SAN Storage Host Connectivity Guide for XXX. XXX represents a specific operating system, for example, Windows.

(Optional) Planning iSCSI CHAP

Plan iSCSI Challenge-Handshake Authentication Protocol (CHAP) to control access to a storage system.

CHAP is a method of verifying the identity of the peer using a 3-way handshake. This verification is based on a ciphertext or cipher key.

  1. During the establishment of a link, the authenticator sends a random challenge message to the peer.
  2. The peer encrypts the random challenge message using the password and algorithm and responds with the ciphertext.
  3. The authenticator checks the response against its own ciphertext obtained by encrypting the random challenge message using the peer's password and algorithm that have been saved. If the two ciphertexts match, the authentication is acknowledged. Otherwise, the connection is terminated.

After CHAP authentication is enabled on a storage system, you must enter the CHAP user name and password when accessing the storage system from an application server.

When planning CHAP, note the following:

  • User name for CHAP authentication
    • The name must contain 4 to 223 characters.
    • The name can contain letters, digits, and special characters. Special characters include:

      !"#$&%'()*+,-./:;<=>?@[\]^_`{|}~

    • The first character must be a letter or digit.
  • Password for CHAP authentication
    • The password must contain 12 to 16 characters.
    • The password must contain three of the following four types of characters:
      • Uppercase letters
      • Lowercase letters
      • Digits
      • Special characters (including space)

        !"#$&%'()*+,-./:;<=>?@[\]^_`{|}~

    • The password must not be the same as the CHAP user name or the reverse of the user name.
  • Mapping between CHAP user accounts and initiators

    CHAP user accounts must be created and assigned to corresponding initiators.

Download
Updated: 2021-11-03

Document ID: EDOC1100123477

Views: 35695

Downloads: 149

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2021 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :