Re: [zfs-discuss] Guide to COMSTAR iSCSI?
Hi Chris,

I have attempted to document the steps to restrict LUN access, here:

http://docs.sun.com/app/docs/doc/821-1459/gkgnr?l=ena=view

Please see if this info helps. If it doesn't, let me know the errors.

Thanks,

Cindy

On 12/13/10 16:30, Chris Mosetick wrote:

> I have found this post from Mike La Spina to be very detailed covering this topic, yet I could not seem to get it to work right on my first hasty attempt a while back. Let me know if you have success, or adjustments that get this to work.
>
> http://blog.laspina.ca/ubiquitous/securing-comstar-and-vmware-iscsi-connections
>
> -Chris
>
> On Sun, Dec 12, 2010 at 12:47 AM, Martin Mundschenk m.mundsch...@mundschenk.de wrote:
>
> > Hi!
> >
> > I have configured two LUs following this guide:
> >
> > http://thegreyblog.blogspot.com/2010/02/setting-up-solaris-comstar-and.html
> >
> > Now I want each LU to be available to only one distinct client in the network. I found no easy guide how to accomplish this anywhere in the internet. Any hint?
> >
> > Martin

___
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
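COMSTAR limits an LU to one client through host groups and views (`stmfadm create-hg`, `add-hg-member`, `add-view -h`). The check below is an added example, not part of this thread or of the guides it links to: it reads `stmfadm list-view -l <GUID>` output and reports whether the LU is visible to exactly one named host group. The sample outputs and the host-group name `esx1-hg` are constructed.

```shell
#!/bin/sh
# Added example: audit which host groups can see one COMSTAR logical unit.
# Restriction sequence this check is meant to confirm (placeholders in <>,
# esx1-hg is a made-up host-group name):
#   stmfadm create-hg esx1-hg
#   stmfadm add-hg-member -g esx1-hg <initiator-iqn>
#   stmfadm remove-view -l <GUID> -a      # drop the existing views
#   stmfadm add-view -h esx1-hg -n 0 <GUID>

# Constructed samples of `stmfadm list-view -l <GUID>` output.
SAMPLE_DEFAULT='View Entry: 0
    Host group   : All
    Target group : All
    LUN          : 0'
SAMPLE_RESTRICTED='View Entry: 0
    Host group   : esx1-hg
    Target group : All
    LUN          : 0'

# lu_view_status: reads list-view output on stdin, prints a verdict, and
# returns 0 only when exactly one named host group (not "All") has a view.
lu_view_status() {
    awk '
        /Host group/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)    # keep the text after the first colon
            sub(/[ \t\r]+$/, "", v)
            if (v == "All") all = 1
            if (!(v in seen)) {
                seen[v] = 1
                n++
                groups = groups (groups ? "," : "") v
            }
        }
        END {
            if (n == 0) { print "NO-VIEW"; exit 2 }
            if (all)    { print "OPEN " groups; exit 1 }
            if (n > 1)  { print "SHARED " groups; exit 1 }
            print "RESTRICTED " groups
        }'
}

# Demo on the constructed samples; on a target, pipe the real command instead:
#   stmfadm list-view -l <GUID> | lu_view_status
printf '%s\n' "$SAMPLE_DEFAULT"    | lu_view_status || :
printf '%s\n' "$SAMPLE_RESTRICTED" | lu_view_status
```

Run it once per GUID reported by `stmfadm list-lu`; any verdict other than `RESTRICTED` means the LU is not limited to a single client group.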
Re: [zfs-discuss] Guide to COMSTAR iSCSI?
I have found this post from Mike La Spina to be very detailed covering this topic, yet I could not seem to get it to work right on my first hasty attempt a while back. Let me know if you have success, or adjustments that get this to work.

http://blog.laspina.ca/ubiquitous/securing-comstar-and-vmware-iscsi-connections

-Chris

On Sun, Dec 12, 2010 at 12:47 AM, Martin Mundschenk m.mundsch...@mundschenk.de wrote:

> Hi!
>
> I have configured two LUs following this guide:
>
> http://thegreyblog.blogspot.com/2010/02/setting-up-solaris-comstar-and.html
>
> Now I want each LU to be available to only one distinct client in the network. I found no easy guide how to accomplish this anywhere in the internet. Any hint?
>
> Martin
Re: [zfs-discuss] Guide to COMSTAR iSCSI?
On Mon, Dec 13, 2010 at 5:30 PM, Chris Mosetick cmoset...@gmail.com wrote:

> I have found this post from Mike La Spina to be very detailed covering this topic, yet I could not seem to get it to work right on my first hasty attempt a while back. Let me know if you have success, or adjustments that get this to work.
>
> http://blog.laspina.ca/ubiquitous/securing-comstar-and-vmware-iscsi-connections
>
> -Chris
>
> On Sun, Dec 12, 2010 at 12:47 AM, Martin Mundschenk m.mundsch...@mundschenk.de wrote:
>
> > Hi!
> >
> > I have configured two LUs following this guide:
> >
> > http://thegreyblog.blogspot.com/2010/02/setting-up-solaris-comstar-and.html
> >
> > Now I want each LU to be available to only one distinct client in the network. I found no easy guide how to accomplish this anywhere in the internet. Any hint?
> >
> > Martin

Looking at that, the one comment I'd make is that I'd strongly suggest avoiding CHAP. It really provides nothing in the way of security, and simply adds more complexity. If you're doing iSCSI across a WAN (I really hope you aren't), you'd be better served using a VPN. If you're doing it on a LAN and you're concerned about security, use VLANs. It's generally a good idea to dedicate a VLAN to VMware storage traffic anyways (whether it be iSCSI or NFS) if your infrastructure can handle VLANs.

--Tim