62 Appendix—Manual Configuration of iSCSIUnderstanding CHAP AuthenticationWhat is CHAP?Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSIauthentication method where the storage array (target) authenticates iSCSIinitiators on the host server. Two types of CHAP are supported:• Target CHAP• Mutual CHAPTarget CHAPIn target CHAP, the storage array authenticates all requests for access issuedby the iSCSI initiator(s) on the host server using a CHAP secret. To set uptarget CHAP authentication, you must enter a CHAP secret on the storagearray, then configure each iSCSI initiator on the host server to send thatsecret each time it attempts to access the storage array.Mutual CHAPIn addition to setting up target CHAP, you can set up mutual CHAP in whichboth the storage array and the iSCSI initiator authenticate each other. To set upmutual CHAP, configure the iSCSI initiator with a CHAP secret that thestorage array must send to the host sever in order to establish a connection. Inthis two-way authentication process, both the host server and the storage arraysend information that the other must validate before a connection is allowed.CHAP is an optional feature and is not required to use iSCSI. However, if youdo not configure CHAP authentication, any host server connected to the sameIP network as the storage array can read from and write to the storage array.NOTE: When using CHAP authentication, you should configure it on both thestorage array (using MDSM) and the host server (using the iSCSI initiator) beforepreparing virtual disks to receive data. If you prepare disks to receive data beforeyou configure CHAP authentication, you lose visibility to the disks once CHAPis configured.