Which CHAP authentication mechanisms are only available when using software and dependent hardware iSCSI adapt

Which CHAP authentication mechanisms are only available when using software and dependent hardware iSCSI adapters (Choose Two)?

A.
Mutual CHAP

B.
Per-Subnet CHAP

C.
Per-target CHAP

D.
One-way CHAP

Explanation:
From http://pubs.vmware.com/vsphere-50/index.jsp?topic=/com.vmware.vsphere.storage.doc_50/GUID-3F97FB05-3C92-4040-84E7-D928555B3808.html

ESXi supports the following CHAP authentication methods:

One-way CHAP
In one-way CHAP authentication, also called unidirectional, the target authenticates the initiator, but the initiator does not authenticate the target.

Mutual CHAP
In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method for software and dependent hardware iSCSI adapters only.

6 Comments on “Which CHAP authentication mechanisms are only available when using software and dependent hardware iSCSI adapt

  1. George says:

    Key question is ‘only’, i too though it should be D but then found this in the vSphere Storage guide for esxi 5

    Configuring CHAP Parameters for iSCSI Adapters
    Because the IP networks that the iSCSI technology uses to connect to remote targets do not protect the data
    they transport, you must ensure security of the connection. One of the protocols that iSCSI implements is the
    Challenge Handshake Authentication Protocol (CHAP), which verifies the legitimacy of initiators that access
    targets on the network.
    CHAP uses a three-way handshake algorithm to verify the identity of your host and, if applicable, of the iSCSI
    target when the host and target establish a connection. The verification is based on a predefined private value,
    or CHAP secret, that the initiator and target share.
    ESXi supports CHAP authentication at the adapter level. In this case, all targets receive the same CHAP name
    and secret from the iSCSI initiator. For software and dependent hardware iSCSI adapters, ESXi also supports
    per-target CHAP authentication, which allows you to configure different credentials for each target to achieve
    greater level of security.
    Choosing CHAP Authentication Method
    ESXi supports one-way CHAP for all types of iSCSI initiators, and mutual CHAP for software and dependent
    hardware iSCSI.
    Before configuring CHAP, check whether CHAP is enabled at the iSCSI storage system and check the CHAP
    authentication method the system supports. If CHAP is enabled, enable it for your initiators, making sure that
    the CHAP authentication credentials match the credentials on the iSCSI storage.

  2. kav says:

    so which one is it. The text from Vsphere storage guide confused me even more?
    Is it mutual or per target? or both? and it if both then VMWARE are giving us the bum stir on the questions because it does not say choose 2 on the exam just choose 1

    1. karlocehttp://zipskinny.com/index.php?zip=73117&x=32&y=10 says:

      A & C are correct. key word is only. as one way chap is supported on both independent and dependent adapters.

      per-target CHAP
      For software and dependent hardware iSCSI adapters, ESXi also supports
      per-target CHAP authentication, which allows you to configure different credentials for each target to achieve greater level of security.

      Mutual CHAP
      In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method for software and dependent hardware iSCSI adapters only.

  3. scar says:

    Below is from VMWare practice test

    Question: Which CHAP authentication mechanisms are only available when using software and dependent hardware iSCSI adapters (Choose Two)?
    Incorrect response(s):

    One-way CHAP
    Explanation: One-way CHAP is also available for independent hardware iSCSI adapters


Leave a Reply

Your email address will not be published. Required fields are marked *