For increased security, you can set up all targets to receive the same CHAP name and secret from the iSCSI initiator at the initiator level. By default, all discovery addresses or static targets inherit CHAP parameters that you set up at the initiator level.

Required privilege: Host.Configuration.Storage Partition Configuration

Before setting up CHAP parameters for software iSCSI, determine whether to configure one-way or mutual CHAP. Hardware iSCSI does not support mutual CHAP.

In one-way CHAP, the target authenticates the initiator.

In mutual CHAP, both the target and initiator authenticate each other. Make sure to use different secrets for CHAP and mutual CHAP.

When configuring CHAP parameters, make sure that they match the parameters on the storage side.

For software iSCSI, the CHAP name should not exceed 511 and the CHAP secret 255 alphanumeric characters. For hardware iSCSI, the CHAP name should not exceed 255 and the CHAP secret 100 alphanumeric characters.

1

Log in to the vSphere Client and select a server from the inventory panel.

2

Click the Configuration tab and click Storage Adapters in the Hardware panel.

The list of available storage adapters appears.

3

Select the iSCSI initiator to configure and click Properties.

4

On the General tab, click CHAP.

5

To configure one-way CHAP, under CHAP specify the following.

a

Select one of the following options:

Do not use CHAP unless required by target (software iSCSI only)

Use CHAP unless prohibited by target

Use CHAP (software iSCSI only). To be able to configure mutual CHAP, you must select this option.

b

Specify the CHAP name.

Make sure that the name you specify matches the name configured on the storage side.

To set the CHAP name to the iSCSI initiator name, select Use initiator name.

To set the CHAP name to anything other than the iSCSI initiator name, deselect Use initiator name and enter a name in the Name field.

c

Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret that you enter on the storage side.

6

To configure mutual CHAP, first configure one-way CHAP by following directions in Step Step 5.

Make sure to select Use CHAP as an option for one-way CHAP. Then, specify the following under Mutual CHAP:

a

Select Use CHAP.

b

Specify the mutual CHAP name.

c

Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual CHAP.

7

Click OK.

8

Rescan the initiator.

If you change the CHAP or mutual CHAP parameters, they are used for new iSCSI sessions. For existing sessions, new settings are not used until you log out and login again.