Planning Networks
To ensure host connectivity and storage system access security, properly plan the network and secure authentication.
Planning the Network
Hosts and storage systems can be connected in various modes. For details about connection modes, see "Planning Connectivity" in the Huawei SAN Storage Host Connectivity Guide for XXX. XXX represents a specific operating system, for example, Windows.
(Optional) Planning iSCSI CHAP
Plan iSCSI Challenge-Handshake Authentication Protocol (CHAP) to control access to a storage system.
CHAP is a method of verifying the identity of the peer using a 3-way handshake. This verification is based on a ciphertext or cipher key.
- During the establishment of a link, the authenticator sends a random challenge message to the peer.
- The peer encrypts the random challenge message using the password and algorithm and responds with the ciphertext.
- The authenticator checks the response against its own ciphertext obtained by encrypting the random challenge message using the peer's password and algorithm that have been saved. If the two ciphertexts match, the authentication is acknowledged. Otherwise, the connection is terminated.
After CHAP authentication is enabled on a storage system, you must enter the CHAP user name and password when accessing the storage system from an application server.
When planning CHAP, note the following:
- User name for CHAP authentication
  - The name must contain 4 to 223 characters.
  - The name can contain letters, digits, and special characters. Special characters include:
    !"#$&%'()*+,-./:;<=>?@[\]^_`{|}~
  - The first character must be a letter or digit.
- Password for CHAP authentication
  - The password must contain 12 to 16 characters.
  - The password must contain three of the following four types of characters:
    - Uppercase letters
    - Lowercase letters
    - Digits
    - Special characters (including space)
      !"#$&%'()*+,-./:;<=>?@[\]^_`{|}~
  - The password must not be the same as the CHAP user name or the reverse of the user name.
- Mapping between CHAP user accounts and initiators
  CHAP user accounts must be created and assigned to corresponding initiators.
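
The user name, password, and mapping rules above can be checked against a planned account list before anything is entered on the storage system. The Python sketch below is an added example, not Huawei code. It assumes "letters" means ASCII letters, that user names accept only the listed special characters (no space), and that "three of four types" means at least three; the function names, IQNs, and credentials are hypothetical.

```python
import string

# Special characters exactly as listed on the page; passwords may also use space.
SPECIALS = set("!\"#$&%'()*+,-./:;<=>?@[\\]^_`{|}~")
ALNUM = set(string.ascii_letters + string.digits)  # assumption: ASCII only

def check_chap_user(name):
    """Return the rule violations for a planned CHAP user name."""
    errors = []
    if not 4 <= len(name) <= 223:
        errors.append("user name must contain 4 to 223 characters")
    if any(c not in ALNUM | SPECIALS for c in name):
        errors.append("user name has a character outside the allowed set")
    if name and name[0] not in ALNUM:
        errors.append("first character must be a letter or digit")
    return errors

def check_chap_password(password, name):
    """Return the rule violations for a planned CHAP password."""
    errors = []
    if not 12 <= len(password) <= 16:
        errors.append("password must contain 12 to 16 characters")
    types = [set(string.ascii_uppercase), set(string.ascii_lowercase),
             set(string.digits), SPECIALS | {" "}]
    if sum(any(c in t for c in password) for t in types) < 3:  # assumption: at least three
        errors.append("password must contain three of the four character types")
    if any(c not in ALNUM | SPECIALS | {" "} for c in password):
        errors.append("password has a character outside the four types")
    if password in (name, name[::-1]):
        errors.append("password must not equal the user name or its reverse")
    return errors

def check_plan(initiators, accounts):
    """Map each initiator to its violations; an empty list means it passes."""
    report = {}
    for iqn in initiators:
        if iqn not in accounts:
            report[iqn] = ["no CHAP user account assigned to this initiator"]
            continue
        name, password = accounts[iqn]
        report[iqn] = check_chap_user(name) + check_chap_password(password, name)
    return report

# Constructed sample plan (hypothetical IQNs and credentials, not real ones).
INITIATORS = ["iqn.2024-01.com.example:host01", "iqn.2024-01.com.example:host02",
              "iqn.2024-01.com.example:host03"]
ACCOUNTS = {INITIATORS[0]: ("chapuser0001", "Str0ng#Pass2024"),
            INITIATORS[1]: ("chapuser0002", "2000resupahc")}

if __name__ == "__main__":
    for iqn, errs in check_plan(INITIATORS, ACCOUNTS).items():
        print(iqn, "OK" if not errs else errs)
```

In the sample plan, the second account fails twice (only two character types, and the password is the user name reversed), and the third initiator is flagged because no account is mapped to it.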