You can use several mechanisms to limit which volumes on an iSCSI storage system your ESX/ESXi host can access.

You must configure your host and the iSCSI storage system to support your storage access control policy.

A discovery session is part of the iSCSI protocol, and it returns the set of targets you can access on an iSCSI storage system. The two types of discovery available on ESX/ESXi are dynamic and static. Dynamic discovery obtains a list of accessible targets from the iSCSI storage system, while static discovery can only try to access one particular target by target name.

iSCSI storage systems authenticate an initiator by a name and key pair. ESX/ESXi supports the CHAP protocol, which VMware recommends for your SAN implementation. The ESX/ESXi host and the iSCSI storage system must have CHAP enabled and have common credentials. In the iSCSI login phrase, the iSCSI storage system exchanges and checks these credentials.

Access control is a policy set up on the iSCSI storage system. Most implementations support one or more of three types of access control:

By initiator name

By IP address

By the CHAP protocol

Only initiators that meet all rules can access the iSCSI volume.