I have a VNXe3200 which works with three Hyper-V nodes on OS server 2016. Everything is currently working fine but for security reasons I need to configure CHAP on both the VNXe3200 and my Server 2016 nodes and I need help in what steps I need to perform to achieve this. All the guides I have found from EMC give the steps based on 2008 OS so I want to get this right..
Can anyone help who has done this before and the best steps to get this working? Within the EMC console you can configure CHAP or Mutual CHAP but both ask for the username as well as the CHAP secret. How do I specify a username within iSCSI on Server 2016?
Any help would be much appreciated.
Hello, I personally have not done it on a Microsoft Windows 2016 server, but the initiator is not that much different to 2008/2012.
The EMC Host Connectivity Guide for Windows has some basic config steps and the same will apply here in your environment. See the "Windows 2008 R2 iSCSI Initiator manual procedure".
You have to use the manual method to see the "Advanced Settings" needed to specify chap. Do not use Quick Connect.
I recommend documenting in a diagram which NICs will connect to which SP ports prior so you have that ready for when you have to specify the Source IP/NIC and Target SP IP.
For further information from Microsoft please see "Connecting to an iSCSI target by using advanced settings" https://technet.microsoft.com/en-us/library/ee338480(v=ws.10).aspx
Thank you Michel. This is really helpful.
I already have the connections all set up to my EMC device, is it possible to
choose one username and CHAP secret to apply local adapters and Initiator IP? If so, how can I do this?
I have noticed that within the EMC portal you can only specify one username and CHAP secret so I am guessing the settings on each of my 3 Hyper-V nodes (2016 Hosts) need to have the same username and password?
Also, will I need to set up all the connections again to get this working or amend the existing connections?
Sorry for all the questions..
Hello, unfortunately this is a restriction of the MS iSCSI initiator. You have to go in each time to each path to set the Source/Target information and the Chap and secret to each.
Yes the same Username and password is required.
I would not do this online. Take the applications offline, disks offline in Disk Management to ensure that we do not corrupt during removal. Delete the existing connections and start over.
Not saying it is not possible to do it online, but remember you are going to be bringing down a path if you were to do it online. Whilst it may work I would be very hesitant to do so without first testing.