Modify Network Settings, iSCSI Tab

Navigation: System > Global Settings > Networking > Actions > Modify > iSCSI

Updates system-wide iSCSI settings if you have iSCSI hosts configured to use Challenge Handshake Authentication Protocol (CHAP), Access Control, Internet Storage Name Service (iSNS), or a combination of these parameters.

The iSCSI settings configures the authentication and access controls on the Oracle FS System, which the host must match to gain access. If you have CHAP and Access Control configured for each initiator, you do not need to configure iSCSI globally.

Connectivity and Communication

iSCSI Device Name

Identifies the name of the iSCSI initiator for the SAN host. An initiator encapsulates SCSI commands and data requests within iSCSI packets and transfers the packets across the IP network.

iSCSI Device Alias

Identifies an easily understood, alternative name for the iSCSI device. By default, the device alias is constructed using the Oracle FS System model plus the system serial number using the following format:

Oracle FS System <model‑number> SSN:<serial‑number>

Enable Header Digest

When an iSCSI initiator logs in to the Oracle FS System, the initiator negotiates the parameters for the iSCSI session. If the initiator does not give the system a choice regarding the use of iSCSI header digests, the system complies with what the initiator wants. If the initiator gives the system a choice and if Enable Header Digest is enabled, the system chooses to use header digests, regardless of the preference identified by the initiator.

Note: When selected, this parameter provides more error checking for the header portion of the iSCSI packet.

Enable Data Digest

When an iSCSI initiator logs in to the Oracle FS System, the initiator negotiates the parameters for the iSCSI session. If the initiator does not give the system a choice regarding the use of iSCSI data digests, the system complies with what the initiator wants. If the initiator gives the system a choice and if Enable Data Digest is enabled, the system will choose to use data digests, regardless of the preference identified by the initiator.

Note: When selected, this parameter provides additional error checking for the data portion of the iSCSI packet.

iSNS Server Registration

Enable iSNS Server Registration

Choosing this option allows Oracle FS System iSCSI targets to be registered in the iSNS server.

For discovery of the iSNS server IP address, specify either DHCP or static addressing:

Static

This option requires the following information:

Server: Indicates the server IP address.
TCP port: Indicates the TCP port that the Oracle FS System uses to register with the iSNS server.

Security

Access Control

Specifies the access control method for iSCSI initiators. Valid options:

None: Specifies that the Oracle FS System permits all iSCSI initiators to login.
Oracle FS: Specifies that the Oracle FS System rejects iSCSI login attempts from initiators that have not explicitly been granted permission by the user through the Oracle FS System Manager interface.

Authentication

Identifies the authentication of the host (initiator) during login. Valid options:

All Initiators: Specifies that CHAP authentication is required for all iSCSI connections to the Oracle FS System, regardless of what is configured for each host.
Per Initiator: Specifies that CHAP authentication is required only for those iSCSI connections for which it is configured for each host.
Note: If the initiator on the SAN host has been configured to require CHAP authentication, login fails unless the Oracle FS System is configured to authenticate to All Initiators or authentication is set to Per Initiator and the Enable Bi‑Directional CHAP option is selected. In either case, specify the CHAP Secret for the initiator.

Authentication Server

Specifies whether the Oracle FS System or a Radius server performs the authentication.

Oracle FS: Indicates that the Oracle FS System performs the authentication.
Radius: Indicates that a RADIUS server performs the authentication.
Note: When this option is selected, the system ignores any CHAP name or secret that is configured for a host in the Oracle FS System Manager.

Enable Bi-Directional CHAP

Enables the CHAP protocol to be used for requests for data (from the iSCSI initiator) and responses to requests (from the iSCSI target). If bi-directional CHAP support is disabled for the Oracle FS System, disable bi-directional CHAP for all initiators; otherwise the initiator login fails.

CHAP Secret

Identifies the encrypted CHAP authentication password (secret) used in the exchange of user names and secrets between two iSCSI devices. Both devices must support Point-to-Point Protocol (PPP) authentication.

Note: The Oracle FS System supports up to 100 UTF-8 non-integer characters. However, when connecting to Windows servers, limit the secret to a value between 12 and 16 characters in length.

Retype CHAP Secret

Re-enter the encrypted CHAP authentication password used.

Primary Radius Server and Secondary Radius Server

Identifies the details for connecting to the primary and secondary Radius servers. This information is required when the Authentication Server is set to Radius.

IP Address: Specifies the IP address of the Radius server.
UDP Port: Specifies the UDP port of the Radius server to which the Radius server is listening.
Radius Secret: Specifies the secret used to access the Radius server.
Retype Radius Secret: Specifies the retyped secret used to access the primary Radius server.