On Mon, Dec 13, 2010 at 5:30 PM, Chris Mosetick <cmoset...@gmail.com> wrote:
> I have found this post from Mike La Spina to be very detailed covering this > topic, yet I could not seem to get it to work right on my first hasty > attempt a while back. Let me know if you have success, or adjustments that > get this to work. > > > http://blog.laspina.ca/ubiquitous/securing-comstar-and-vmware-iscsi-connections > > -Chris > > > On Sun, Dec 12, 2010 at 12:47 AM, Martin Mundschenk < > m.mundsch...@mundschenk.de> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi! >> >> I have configured two LUs following this guide: >> >> >> http://thegreyblog.blogspot.com/2010/02/setting-up-solaris-comstar-and.html >> >> Now I want each LU to be available to only one distinct client in the >> network. I found no easy guide how to accomplish the anywhere in the >> internet. Any hint? >> >> Martin >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG/MacGPG2 v2.0.16 (Darwin) >> >> iQEcBAEBAgAGBQJNBIw2AAoJEA6eiwqkMgR8vAcH/0jeBh0PvZdnjLK4FOY6/Xw1 >> JwAqdNbS5jvUn8pvYRxdA379gqyZNoFXMRTpPl5Xefw88rpXS+vqvDHoaM1A5Wov >> tTERXrh9DMACAswm4KYnA7lcWxEUJWBJ8LA870Sd6GVqPHbBnE+R+o2Op69XUy/g >> +sAa0f7MDHPJP46xad5/qweUVRNZ0C+Ka2YYqhWKvYTN2DEYmFfnem+c6Vna2TXv >> uOLoEeV+CHOI/BdrpcDaU8XQzAS5f1x/oTPhk56j0Uzm4q8+aKqc2YTccvGnRJCm >> 8F+/ZyZ40fy2TRLfhmZIGoL+y9nrJqUDm+K2jXkdH/55vzsk+EdhfZUlDYXsalo= >> =NdL6 >> -----END PGP SIGNATURE----- >> > > Looking at that, the one comment I'd make is that I'd strongly suggest avoiding CHAP. It really provides nothing in the way of security, and simply adds more complexity. If you're doing iSCSI across a WAN (I really hope you aren't), you'd be better served using a VPN. If you're doing it on a LAN and you're concerned about security, use VLAN's. It's generally a good idea to dedicate a VLAN to vmware storage traffic anyways (whether it be iSCSI or NFS) if your infrastructure can handle VLAN's. --Tim
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
