You can use several mechanisms to discover your storage and to limit access to it.

You must configure your host and the iSCSI storage system to support your storage access control policy.

A discovery session is part of the iSCSI protocol, and it returns the set of targets you can access on an iSCSI storage system. The two types of discovery available on ESX/ESXi are dynamic and static. Dynamic discovery obtains a list of accessible targets from the iSCSI storage system, while static discovery can only try to access one particular target by target name.

iSCSI storage systems authenticate an initiator by a name and key pair. ESX/ESXi supports the CHAP protocol, which VMware recommends for your SAN implementation. To use CHAP authentication, the ESX/ESXi host and the iSCSI storage system must have CHAP enabled and have common credentials.

Access control is a policy set up on the iSCSI storage system. Most implementations support one or more of three types of access control:

By initiator name

By IP address

By the CHAP protocol

Only initiators that meet all rules can access the iSCSI volume.