52 Secured iSCSI Using Challenge-Handshake Authentication ProtocolCHAP vs IPSecCHAP authenticates the peer of a connection and is based upon the peerssharing a secret (a security key that is similar to a password). IP Security(IPSec) is a protocol that enforces authentication and data encryption at theIP packet layer and provides an additional level of security.One-Way CHAP AuthenticationIn One-Way CHAP authentication, only the iSCSI Target authenticates theInitiator. The secret is set only for the Target and all Initiators that areaccessing the Target must use the same secret to start a logon session with theTarget. To set one-way CHAP authentication, configure the settingsdescribed in the following sections on Target and Initiator.iSCSI Target settingsBefore you configure the settings described in this section, ensure that fewiSCSI Targets and Virtual Disks are already created and the Virtual Disks areassigned to the Targets.1 On an iSCSI Target, go to PowerVault NX1950 Management Console→Microsoft iSCSI Software Target→iSCSI Targets → andeither right-click and select Properties or go to Actions pane→MoreActions→Properties.The Properties window appears, where Target Name isthe name of the iSCSI Target that you are configuring iSCSI settings for.2 In the Authentication tab, select the check box for Enable CHAP andtype the User name (IQN name of the Initiator). You can enter the IQNmanually or use the Browse option to select the IQN from a list.3 Enter the Secret, re-enter the same value in Confirm Secret, and click OK.The secret must include 12 to 16 characters.NOTE: If you are not using IPSec, both Initiator and Target CHAP secretsshould be greater than or equal to 12 bytes and less than or equal to 16 bytes.If you are using IPsec, the Initiator and Target secrets must be greater than1 byte and less than or equal to 16 bytes.