iSCSI authentication - CHAP (incl. mutual) vs. IP vs. IQN

Especially in vSphere environments. Trying to find a list of pros and cons of either method. We normally use CHAP and 'back in the days' we had a reason for it. The question now popped up again as to why we use CHAP, but I just cannot think of a proper reason as to why CHAP is / was the way to go, so I am trying to compile a list of pros and cons of either.
Any suggestions are highly appreciated.
IP authentication obviously has the disadvantage of assigning the wrong LUNs when initiator IPs are re-used and the target wasn't updated properly. Or HBAs are being swapped and re-used etc.
IQNs can easily be guessed when the default is being used.
What else is there, though?
My own knowledge base made public: http://open902.com 

Comments
Everyone Member Posts: 1,661
I don't think it should be a question of this vs that... I think they should be used together, at least if security is your goal.