Log on to iSCSI Targets
Applies To: Windows Server 2008 R2
With Storage Explorer, you can log on to targets in your storage area network (SAN) and choose the connection settings for each session.
This feature enables you to perform a select subset of the tasks that relate to iSCSI configuration and administration. You can also perform these and other tasks using the Microsoft iSCSI Initiator, which is included in Windows Server 2008 or later in Administrative Tools. Additionally, vendors of networking and storage solutions provide similar tools to perform iSCSI configuration and administration tasks. For more information about iSCSI, see http://go.microsoft.com/fwlink/?LinkId=102299.
Targets are created to manage the connections between an iSCSI device and the servers that need to access it. A target defines the portals (IP addresses) that can be used to connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires to authenticate the servers that are requesting access to its resources.
Servers that require access to the storage resources on an iSCSI device have to connect to the target that those storage resources have been assigned to. To connect to a target, a server in the SAN uses an iSCSI initiator. An iSCSI initiator is a logical entity that enables the server to communicate with the target. The iSCSI initiator first logs on to the target and requests to start a session. The target must authorize the session and the session must be established before the server can access the storage resources.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
To log on to a target
In Servers, select the target that you want to log on to.
In the Actions pane, click Login to target.
If you want this logon session to be to automatically reestablished after each restart, select the Automatically restore this connection when the system boots check box.
If you will be enabling several paths from a server to this target (multipathing), select the Enable multiple-path check box.
If two or more iSCSI initiator adapters have been enabled on a server that will access this target and the server is not configured to use Multipath I/O, data corruption can occur. For more information about Multipath I/O, see Support for Multipathing.
To choose the connection settings:
In the Login Connection Settings dialog box, select the target portal that you want to connect to, the local adapter, and the source IP address.
If you want to protect the integrity of each data packet sent over the network, select the Data Digest check box or the Header Digest check box (or both). When you select these options, commands are verified and rejected if there is an error.
If you want to use Challenge Handshake Authentication Protocol (CHAP) authentication when connecting to the target, select the CHAP login information check box.
Choose the necessary CHAP parameters and click OK. For more information about CHAP, see iSCSI Security.
If you select to use RADIUS authentication, you must configure the iSCSI initiators and targets in your SAN to use this type of iSCSI security. This configuration is not done in Storage Explorer—it is done in the configuration tools for initiators and targets, such as iSCSI Initiator in Control Panel.
To choose the Internet Protocol security (IPsec) settings:
In the IPSec dialog box, select the Enable the IPSec settings check box.
Choose the IPsec parameters that you want to use and click OK. For more information about IPsec, see iSCSI Security.
To log on to the target using the connection settings and IPsec settings you have selected, click OK.
If you are not able to log on to a target, verify that the iSCSI initiator on your server is properly configured, and that you are choosing the correct connection and IPsec settings. The settings you choose in Storage Explorer to log on to a target must match the settings required by that target.
The level of security that you can set for a storage subsystem depends on the hardware manufacturer. Not all subsystems support all levels of iSCSI security. You should contact your hardware manufacturer to verify what level of security is supported.