7065iSCSI_Config1.fm Draft Document for Review August 30, 2007 12:59 am
372 IBM System Storage DS3000: Introduction and Implementation Guide
16.9 Test configuration
After you have installed RDAC, your disks should be visible. Test to verify that access to the
storage subsystem works properly and that the failover driver functions correctly. To
simulate a network outage between the storage subsystem and a host, we recommend
detaching a network cable as the best test - merely disabling the port in software is not
typically a good enough test.
16.10 Enhance iSCSI connection security
After everything is working and tested, you should implement security for the iSCSI
connection - essentially this means configuring initiator and target authentication. Initiator
authentication means that an initiator must prove its identity with a password that is known by
the target, when the initiator attempts access. Target authentication is the opposite - the
target authenticates itself to the initiator with a password.
By default, as we have configured so far, the only security enabled is the iSCSI Qualified
Name (IQN) that is used to allow access to the logical drives. Because an IQN can be modified
within Storage Manager, this does not protect against spoofing of the qualified name, and
hence security can be compromised. This section describes how to set up initiator and
target authentication.
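
The difference between the IQN-only default and password authentication in both directions, as an added example that is not part of the original guide. iSCSI password authentication is CHAP; the sketch uses the MD5 response from RFC 1994, and all IQNs, secrets, and function names are constructed for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed names and secrets, for illustration only.
HOST_IQN = "iqn.2007-08.com.example:host1"
TARGET_IQN = "iqn.2007-08.com.example:storage1"
HOST_SECRET = b"constructed-initiator-secret"
TARGET_SECRET = b"constructed-target-secret-2"


def iqn_only_access(claimed_iqn: str, allowed: set[str]) -> bool:
    """Name-only check: whoever presents an allowed IQN is accepted."""
    return claimed_iqn in allowed


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 response (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Verifier:
    """Side demanding proof: issues a fresh challenge, checks the answer."""

    def __init__(self, secrets_by_name: dict[str, bytes]):
        self.secrets_by_name = secrets_by_name

    def challenge(self) -> tuple[int, bytes]:
        self.ident, self.chal = os.urandom(1)[0], os.urandom(16)
        return self.ident, self.chal

    def verify(self, name: str, response: bytes) -> bool:
        secret = self.secrets_by_name.get(name)
        if secret is None:
            return False
        expected = chap_response(self.ident, secret, self.chal)
        return hmac.compare_digest(expected, response)  # constant-time compare


def login(claimed_iqn: str, host_secret: bytes, target_secret: bytes) -> tuple[bool, bool]:
    """Return (initiator accepted by target, target accepted by initiator)."""
    target_side = Verifier({HOST_IQN: HOST_SECRET})    # what the target has configured
    ident, chal = target_side.challenge()
    initiator_ok = target_side.verify(claimed_iqn, chap_response(ident, host_secret, chal))
    host_side = Verifier({TARGET_IQN: TARGET_SECRET})  # what the initiator has configured
    ident, chal = host_side.challenge()
    target_ok = host_side.verify(TARGET_IQN, chap_response(ident, target_secret, chal))
    return initiator_ok, target_ok
```

A host that presents the right IQN but does not hold the secret passes `iqn_only_access` and fails `login`; the secret itself never crosses the network, only the hash over a fresh challenge.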
To implement the security, all accessed logical drives should be unmounted first in the
operating system. You receive a notification when changing the SANsurfer configuration as a
reminder that unmounting is necessary.
16.10.1 Set up initiator authentication
Initiator authentication is called mutual authentication permissions in DS3000 Storage
Manager.
1. Stop any applications that may be accessing the logical drives on the DS3300. Log off from
all targets connected to an initiator port. To log off, open SANsurfer and select the initiator
port 0. The Target Settings tab shows two iSCSI targets with a status of Session active.
Right-click the first one and select Logout/Reconnect Device from the context menu as
shown in Figure 16-53 on page 373.