PowerFlex 4.x Enabling or disabling SDC Authentication
Summary: PowerFlex allows authentication and authorization to be enabled for all SDCs connected to a cluster. Once authentication and authorization are enabled, older SDC clients and SDCs without a configured password are disconnected. ...
Instructions
The SDC procedures are not applicable for the PowerFlex management cluster.
Prepare for storage data clients authentication.
Prepare the storage data clients for authentication.
Prerequisites
Ensure that you have the following information:
- Primary and secondary MDM IP address
- PowerFlex cluster credentials
Steps:
- Log in to the primary MDM:
scli --login --username admin --management_system_ip <management_system_ip>
- Authenticate with the PowerFlex cluster using the credentials provided.
- Type
scli --query_all_sdc
- For each SDC in your list, use the identifier recorded to generate and record a CHAP password. Type
scli --generate_sdc_password --sdc_id <id> or --sdc_ip <ip> or --sdc_name <name> or --sdc_guid <guid> --reason "CHAP setup"
This password is specific to that SDC and cannot be reused for subsequent SDC entries.
For example:
scli --generate_sdc_password --sdc_ip 172.16.151.36 --reason "CHAP setup"
Sample output:
[root@svm1 ~]# scli --generate_sdc_password --sdc_ip 172.16.151.36 --reason "CHAP setup"
Successfully generated SDC with IP 172.16.151.36 password: AQAAAAAAAAAAAAA8UKVYp0LHCDFD59BrnEXNPVKSlGfLrwAk
Configure to use authentication.
Perform this procedure to configure the storage data clients for authentication.
About this task
For each storage data client, populate the generated CHAP password. On a VMware ESXi host, this requires setting a scini parameter through the esxcli tool. Use the procedure to perform this configuration change. For Windows and Linux SDC hosts, the included drv_cfg utility is used to update the driver and configuration file in real time.
Prerequisites
- Generate the preshared passwords for all the storage data clients to be configured.
- Ensure that you have the following information:
- Primary and secondary MDM IP addresses or names
- Credentials to access all VMware ESXi hosts running storage data clients
Steps
- Using SSH, log in to the VMware ESXi host using the provided credentials.
- Type
esxcli system module parameters list -m scini | grep Ioctl
to list the host's current scini parameters:
IoctlIniGuidStr string d30ff770-b64c-40b5-a341-58d18927e523 Ini Guid, for example: 12345678-90AB-CDEF-1234-567890ABCDEF
IoctlMdmIPStr string 192.168.151.20,192.168.152.20,192.168.153.20,192.168.154.20 Mdms IPs, IPs for MDM in same cluster should be comma separated. To configure more than one cluster use '+' to separate between IPs.For Example: 10.20.30.40,50.60.70.80+11.22.33.44. Max 1024 characters
IoctlMdmPasswordStr string Mdms passwords. Each value is <ip>-<password>, Multiple passwords separated by ';' signFor example: 10.20.30.40-AQAAAAAAAACS1pIywyOoC5t;11.22.33.44-tppW0eap4cSjsKIcMax 1024 characters
In this output, the value of IoctlMdmPasswordStr is empty.
- Using ESXCLI, configure the driver with the existing and new parameters. To specify multiple IP addresses, use a semicolon (;) between the entries, as shown in the following example. Additional data IP addresses, data3, and data4 can be used, if required.
esxcli system module parameters set -m scini -p "IoctlIniGuidStr=10cb8ba6-5107-47bc-8373-5bb1dbe6efa3 IoctlMdmIPStr=192.168.151.20,192.168.152.20 IoctlMdmPasswordStr=192.168.151.20-AQAAAAAAAAA8UKVYp0LHCFD59BrnExNPvKSlGfLrwAk;192.168.152.20-AQAAAAAAAAA8UKVYp0LHCFD59BrnExNPvKSlGfLrwAk bBlkDevIsPdlActive=1 blkDevPdlTimeoutMillis=60000"
Ioctl parameter fields and the opening quotes. The example is entered on a single line.
- Reboot the VMware ESXi nodes.
If the SDC is a PowerFlex hyperconverged node, go to the next step. For other nodes, continue to step 8.
- For PowerFlex hyperconverged nodes, use the scli tool to place the corresponding SDS into maintenance mode.
- If the SDS is also the cluster primary MDM, switch cluster ownership to a secondary MDM and verify cluster state before proceeding. Type:
scli --switch_mdm_ownership --mdm_name <secondary MDM name>
- Power off the SVM once the cluster ownership is switched (if needed) and the SDS is in maintenance mode.
- Manually migrate the workloads to the other hosts if required, and place the VMware ESXi host in maintenance mode.
- Reboot the VMware ESXi host.
- Once the host has completed rebooting, remove it from maintenance mode and power on the SVM (if present).
- Take the SDS out of the maintenance mode (if present).
- Repeat this procedure for each VMware ESXi SDC host.
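The IoctlMdmPasswordStr value used in the ESXi steps above has a strict shape (each entry is <ip>-<password>, entries joined with ';', at most 1024 characters, no whitespace inside the value because the -p string is split on spaces). The following is an added example, not Dell's code, that builds and checks the value before it is pasted into esxcli; the function name build_mdm_password_str and the placeholder password are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Dell's code).
# build_mdm_password_str PASSWORD IP [IP...]
# Prints the IoctlMdmPasswordStr value: one <ip>-<password> entry per MDM IP,
# joined with ';'. Returns non-zero instead of printing a malformed value.
build_mdm_password_str() {
    if [ "$#" -lt 2 ] || [ -z "$1" ]; then
        echo "usage: build_mdm_password_str PASSWORD IP [IP...]" >&2
        return 2
    fi
    pw=$1
    shift
    # Whitespace would split the esxcli -p parameter list; ';' is the
    # separator between entries, so neither may appear in the password.
    case $pw in
        *[[:space:]]*|*';'*)
            echo "password contains whitespace or ';'" >&2
            return 1 ;;
    esac
    out=
    for ip in "$@"; do
        # Dotted-quad shape check only; octet ranges are not validated.
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
            echo "not an IPv4 address: '$ip'" >&2
            return 1
        }
        out="${out:+$out;}$ip-$pw"
    done
    # The parameter description states a 1024-character maximum.
    if [ "${#out}" -gt 1024 ]; then
        echo "value is ${#out} characters, limit is 1024" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# Constructed input: the MDM IPs are the page's example addresses, the
# password is a placeholder for the one generated for this SDC.
value=$(build_mdm_password_str 'PLACEHOLDERpassword' 192.168.151.20 192.168.152.20) &&
    echo "IoctlMdmPasswordStr=$value"
```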
Examples: Windows and Linux SDC nodes
Windows and Linux hosts have access to the drv_cfg utility, which allows driver modification and configuration in real time.
The --file option allows for persistent configuration to be written to the driver's configuration file (so that the SDC remains configured after a reload or reboot).
Windows (from within a PowerShell prompt):
& "C:\Program Files\EMC\scaleio\sdc\bin\drv_cfg" --set_mdm_password --ip <MDM IP> --port 6611 --password <secret>
Linux:
/opt/emc/scaleio/sdc/bin/drv_cfg --set_mdm_password --ip <MDM IP> --port 6611 --password <secret> --file /etc/emc/scaleio/drv_cfg.txt
Enable storage data client authentication.
Perform this procedure to enable storage data client authentication.
Prerequisites
- Ensure that all storage data clients are running PowerFlex, and are configured with their appropriate CHAP password. Any older or unconfigured storage data client is disconnected from the system when authentication is turned on.
- Ensure that you have the following information:
- Primary MDM IP address
- Credentials to access the PowerFlex cluster
Steps
- SSH into the primary MDM
- Type
scli --login --username admin --management_system_ip <management_system_ip>
to log in to the PowerFlex cluster using the provided credentials.
- Type
scli --set_sdc_authentication --enable
to enable the storage data client authentication feature.
- Type
scli --check_sdc_authentication_status
This verifies that the storage data client authentication and authorization is on, and that the storage data clients are connected with passwords.
Sample output:
[root@svm1 ~]# scli --check_sdc_authentication_status
SDC authentication and authorization is enabled.
Found 4 SDCs.
The number of SDCs with generated password: 4
The number of SDCs with updated password set: 4
- If the number of storage data clients does not match or any storage data clients are disconnected, list any or all the disconnected storage data clients and then disable the storage data client authentication by typing the following commands:
scli --query_all_sdc | grep "State: Disconnected"
scli --set_sdc_authentication --disable
- Recheck the disconnected storage data clients to ensure that they have the proper configuration applied. If necessary, regenerate their shared password and reconfigure the storage data client. If you are unable to resolve the storage data client disconnection, leave the feature disabled and contact Dell Technologies support as needed.
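The count comparison in the verification step above can be scripted so that a mismatch is caught immediately after enabling. The following is an added example, not Dell's code; the function name check_sdc_auth_status and its return codes are assumptions of this example, and the sample text is constructed from the page's sample output.

```shell
#!/bin/sh
# Added example (not Dell's code). Reads the text printed by
#   scli --check_sdc_authentication_status
# on stdin. Return codes are this example's own convention:
#   0 = enabled, and every SDC found has a generated and an updated password
#   1 = enabled, but the counts differ (at least one SDC is not covered)
#   2 = authentication not reported as enabled, or output not recognised
check_sdc_auth_status() {
    status=$(cat)
    # Extract the number that follows a label; works whether the statements
    # arrive one per line or run together on a single line.
    field() {
        printf '%s\n' "$status" |
            sed -n "s/.*$1 *\([0-9][0-9]*\).*/\1/p" | head -n 1
    }
    found=$(field 'Found')
    generated=$(field 'generated password:')
    updated=$(field 'updated password set:')
    case $status in
        *'authentication and authorization is enabled'*) ;;
        *) echo "SDC authentication is not reported as enabled" >&2
           return 2 ;;
    esac
    if [ -z "$found" ] || [ -z "$generated" ] || [ -z "$updated" ]; then
        echo "unrecognised status output" >&2
        return 2
    fi
    if [ "$found" -ne "$generated" ] || [ "$found" -ne "$updated" ]; then
        echo "mismatch: found=$found generated=$generated updated=$updated" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the page's sample output with one SDC that has not
# picked up its password.
sample='SDC authentication and authorization is enabled.
Found 4 SDCs.
The number of SDCs with generated password: 4
The number of SDCs with updated password set: 3'

if printf '%s\n' "$sample" | check_sdc_auth_status; then
    echo "all SDCs are authenticated"
else
    echo "follow the rollback step: list disconnected SDCs, then disable"
fi
```

On the primary MDM the function would be fed directly, as in `scli --check_sdc_authentication_status | check_sdc_auth_status`.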
Disable SDC authentication.
Use this procedure to disable SDC authentication.
Prerequisites
Ensure all SDCs are configured with their appropriate CHAP secret. Any older or unconfigured SDCs are disconnected from the system when authentication is turned on.
Ensure that you have the following information:
- Primary MDM IP address
- Credentials to access the PowerFlex cluster
Steps
- SSH to the primary MDM address
- Log in to the PowerFlex cluster using the provided credentials.
- Disable the SDC authentication. Type:
scli --set_sdc_authentication --disable
Results
Once disabled, the SDCs reconnect automatically unless otherwise configured.
Expand an existing PowerFlex cluster with SDC authentication enabled.
Once a PowerFlex cluster has SDC authentication enabled, new SDCs must have the configuration step performed after the client is installed. This procedure is not applicable for the PowerFlex management cluster (ESXi). For Windows PowerFlex compute-only nodes, only firmware upgrades are supported.
Prerequisites
Ensure that you have the following information:
- Primary MDM IP address
- Credentials for the PowerFlex cluster
- The IP address of the new cluster members
Ensure that you have SDC authentication enabled on the PowerFlex cluster.
Steps
- Install and add the SDCs as per normal procedures (whether using PowerFlex Manager or manual expansion process).
- SSH to the primary MDM
- Log in to the PowerFlex cluster using the scli tool.
- For each of your newly added SDCs, generate and record a new CHAP secret. Type:
scli --generate_sdc_password --sdc_ip <IP of SDC> --reason "CHAP setup - expansion."
- SSH and log in to the SDC host
- If the new SDC is a VMware ESXi host, follow the rest of this procedure.
- Type
esxcli system module parameters list -m scini | grep Ioctl
to list the current scini parameters of the host.
- Using esxcli, type
esxcli system module parameters set -m scini -p
to configure the driver with the existing and new parameters.
For example,
esxcli system module parameters set -m scini -p "IoctlIniGuidStr=09bde878-281a-4c6d-ae4f-d6ddad3c1a8f IoctlMdmIPStr=10.234.134.194,192.168.152.199,192.168"
- At this stage, the SDC's configuration is ready to be applied. On ESXi nodes, a reboot is necessary for this to happen. If the SDC is a hyperconverged node, go to step 10. Otherwise, go to step 12.
- For PowerFlex hyperconverged nodes, use the presentation manager or scli tool to place the corresponding SDS into maintenance mode.
- Once the SDS is in maintenance mode, the SVM may be powered off safely.
- Place the ESXi host in maintenance mode. No workloads should be running on the node, as the SDC is not configured yet.
- Reboot the ESXi host.
- Once the host has completed rebooting, remove it from maintenance mode and power on the SVM (if present).
- Take the SDS out of maintenance mode (if present).
- Repeat steps 5 through 15 for all ESXi SDC hosts.
Add a Windows or Linux authenticated SDC.
Use the drv_cfg utility on a Windows or Linux machine to modify both a running and persistent configuration. Use the following examples to perform the task on a Windows or Linux based PowerFlex node.
About this task
For Windows PowerFlex compute-only nodes, only firmware upgrades are supported.
Prerequisites
Only one IP address is required for the command to identify the MDM to modify.
Steps
- Press Windows+R.
- To open the command-line interface, type cmd.
- For Windows, type
drv_cfg --set_mdm_password --ip <MDM IP>
in the drv_cfg utility. For example:
drv_cfg --set_mdm_password --ip <MDM IP> --port 6611 --password <secret>
- For Linux, type
/opt/emc/scaleio/sdc/bin/drv_cfg --set_mdm_password --ip <MDM IP>
For example:
/opt/emc/scaleio/sdc/bin/drv_cfg --set_mdm_password --ip <MDM IP> --port 6611 --password <secret> --file /etc/emc/scaleio/drv_cfg.txt
- Repeat until all new SDCs are connected.