2.5 Configuring iSCSI Initiators

NetWare iSCSI initiator software can be configured either at the server console using server console commands or remotely using Novell Remote Manager. To configure an iSCSI initiator using Novell Remote Manager, Novell Remote Manager must be configured and working properly on a secure port. See Accessing Novell Remote Manager for NetWare in the NW 6.5 SP8: Novell Remote Manager Administration Guide for more information.

2.5.1 Loading iSCSI Initiator Software and Connecting to an iSCSI Target

Using Server Console Commands

For each server that you want to function as an iSCSI initiator, do the following:

  1. Enter ion at the server console to load iSCSI initiator software. Wait about 10 seconds for the initiator to start up.

    You can also enter ioff at the server console to unload iSCSI initiator software.

  2. Enter iscsinit connect a.b.c.d target_name at the server console.

    Replace a.b.c.d with the IP address of the iSCSI target device that is connected to the shared storage system.

    If the iSCSI target device is an iSCSI storage router, then this is the IP address of the storage router. If the iSCSI target device is a NetWare server, then this is the IP address of the NetWare server.

    Replace target_name with the iSCSI target name that is displayed after running the iscsinit discover a.b.c.d command. The iSCSI target name is case sensitive. You can leave the target name out to cause the initiator to connect to all available targets. Wait about 10 seconds so that the devices are mounted before issuing any command to mount the pools or cluster resources that reside on those devices.

  3. (Optional) To use CHAP authentication when connecting to an iSCSI target, use the /chap command line option with the iscsinit connect command.

    For example, if you have configured a locally stored CHAP secret and you want CHAP to use it, you would enter the following at the command line:

    iscsinit /chap connect a.b.c.d
    

    If you want to use a user-supplied CHAP secret, you would enter the following at the command line:

    iscsinit /chap="sys:\system\chap.txt" connect a.b.c.d
    

    The chap.txt file must be created prior to running the command and must contain the following lines:

    OutgoingUsername=initiator name or agreed upon name

    OutgoingPassword=shared secret text

    You can configure and enable CHAP using Novell Remote Manager. For more information on configuring and enabling CHAP, see Enabling and Configuring iSCSI Initiator Security.

If you want iSCSI initiator software to load automatically when servers start, you can add the commands in the above steps to the autoexec.ncf file of each initiator server.

Using Novell Remote Manager

For each server that you want to function as an iSCSI initiator:

  1. Enter ion at the server to load iSCSI initiator software.

    You can do this either at the server console or remotely by using Novell Remote Manager to access the server console.

  2. On the Novell Remote Manager main page, click the iSCSI Services link at the bottom of the left column.

  3. Click Add Target and type the IP address of the iSCSI target device that is connected to the shared storage system.

    If the iSCSI target device is an iSCSI storage router, then this is the IP address of the storage router. If the iSCSI target device is a NetWare server, then this is the IP address of the NetWare server.

    Each target device can have multiple targets.

    If you want a list of possible target names for a given IP address, click Browse and type the IP address of the target device.

  4. Click Next, select the target name you want to establish a session with, then click Next.

2.5.2 Enabling and Configuring iSCSI Initiator Security

Configuring iSCSI initiator security consists of configuring the initiator-to-target authentication method. Challenge Handshake Authentication Protocol (CHAP) authentication is the method currently supported for initiator identity verification. CHAP protects against attacks and provides secure access between the iSCSI initiator and the target. If CHAP is not enabled, someone could potentially use the identity of a valid initiator to gain unauthorized access to iSCSI target devices. CHAP authentication is not enabled by default.

If your iSCSI target has CHAP enabled, you must enable CHAP on the initiators that will access that target, or target access will be denied. CHAP authentication is not currently supported on NetWare servers configured as iSCSI targets.

To enable and configure CHAP authentication using Novell Remote Manager:

  1. On the Novell Remote Manager main screen, click the iSCSI Services link at the bottom of the left column.

  2. Click the Security link.

    This brings up a page that lets you choose the initiator-to-target authentication method.

  3. Choose CHAP as the authentication method, then click Apply.

    If you choose CHAP, you must create a CHAP secret that will be used to ensure secure authentication between this initiator and the target.

  4. Click Create to bring up a page that lets you configure the CHAP secret.

    If you have already configured a locally stored CHAP secret, the Update, Delete, and Change To buttons appear to let you modify or delete your existing secret, or change it to a user-supplied secret. If you have already chosen the user-supplied secret option, a Change To button appears to let you change to a locally stored secret.

  5. Choose whether you want the CHAP secret to be locally stored or user supplied.

    A locally stored secret is encrypted and stored on the initiator server. The same locally stored secret is used each time a session is started between this initiator and the target. Selecting the Locally Stored Secret option brings up a page that lets you specify the CHAP username and secret.

    If you choose a user-supplied CHAP secret, you will be prompted to create the CHAP secret each time you start a session between this initiator and the target. With this option, the CHAP secret is not stored on the initiator server, and it is not encrypted.

  6. (Conditional) If you chose to create a locally stored CHAP secret, view and, if necessary, edit the CHAP username and create a CHAP secret.

    The Initiator CHAP Username field is automatically filled in. It is the Internet Qualified Name (IQN) of this initiator. This field should not be changed unless you change the IQN of this initiator or you want to create or modify a CHAP locally stored secret for another initiator.

    The Initiator CHAP Secret can include any ASCII characters and should be at least 16 characters long. The secret is encrypted and stored locally on the initiator.

  7. Repeat the above steps to enable and configure CHAP authentication for each initiator server.
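
The following is an added example, not part of the original Novell documentation. It checks chap.txt content against the format shown in Section 2.5.1 and the secret guidance above (ASCII, at least 16 characters), then shows how a CHAP response is derived and verified so that the secret itself never crosses the network. It assumes standard CHAP with MD5 as defined in RFC 1994 and strict key=value parsing with surrounding whitespace trimmed; the IQN, secrets and challenge are constructed sample values.

```python
import hashlib
import hmac

MIN_SECRET_LEN = 16  # minimum secret length recommended on this page

# Constructed sample contents for sys:\system\chap.txt (not real credentials).
GOOD = ("OutgoingUsername=iqn.2004-01.com.example:initiator1\n"
        "OutgoingPassword=Xq7#mT2v!Lp9zRw4Kd\n")
WEAK = ("OutgoingUsername=iqn.2004-01.com.example:initiator1\n"
        "OutgoingPassword=short\n")

def check_chap_file(text):
    """Return a list of problems found in chap.txt content (empty = passes)."""
    entries, problems = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            problems.append(f"not a key=value line: {line!r}")
            continue
        entries[key] = value
    for key in ("OutgoingUsername", "OutgoingPassword"):
        if not entries.get(key):
            problems.append(f"missing or empty {key}")
    secret = entries.get("OutgoingPassword", "")
    if secret and not secret.isascii():
        problems.append("OutgoingPassword contains non-ASCII characters")
    if secret and len(secret) < MIN_SECRET_LEN:
        problems.append(f"OutgoingPassword shorter than {MIN_SECRET_LEN} characters")
    return problems

def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: digest of identifier byte + secret + challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def target_verifies(identifier, secret, challenge, response):
    """Target side: recompute the response and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    print("good file:", check_chap_file(GOOD))
    print("weak file:", check_chap_file(WEAK))
    secret, challenge = b"Xq7#mT2v!Lp9zRw4Kd", bytes(range(16))  # constructed
    resp = chap_response(1, secret, challenge)
    print("right secret accepted:", target_verifies(1, secret, challenge, resp))
    print("wrong secret accepted:", target_verifies(1, b"wrong-secret-0000", challenge, resp))
```

Because the response depends only on the identifier, the challenge and the secret, the length and randomness of the secret are what the authentication rests on.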