RE: iSCSI: Canonical Targets

["KRUEGER,MARJORIE (HP-Roseville,ex1)" <marjorie_krueger@hp.com>]

> 
> How about this instead:
> 
> 2. A discovery target MUST be accessible on the default tcp port
>    on each IP address on which an iSCSI implementation is listening
>    for iSCSI connections.  This default tcp port will often be the
>    IANA-assigned TCP port for iSCSI.  If the implementation is
>    listening on multiple TCP ports, the discovery target MAY be
>    accessible on each TCP port.

I feel this "MUST" is a "MAY".  The comments in this thread seem to focus on
enabling I-T discovery in an "easy", insecure way.  It seems to me there are
many possibilities for "discovery models" ranging from

initiators probe targets "discovery" ports
to
initiators access "domain-specific directories" (this has also been referred
to as "storage name servers", but I think that model is a narrow subset of a
network resource management soln)

In the environments where initiators get their storage resource information
from a "directory server", it would be desirable to disable this "discovery
target" to guard against unintended/unauthorized access to targets.
Initiators may be authenticating to "directory servers" who then pass
specific information about targets to attach to, as well as an
authentication token.  The initiator could then log into the specific
targets with the authentication token and the target is freed from the task
of assigning/managing initiator lists.

Marjorie Krueger
Networked Storage Architecture
Networked Storage Solutions Org.
Hewlett-Packard
tel: +1 916 785 2656
fax: +1 916 785 0391
email: marjorie_krueger@hp.com