SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI: Canonical Targets



    > 
    > How about this instead:
    > 
    > 2. A discovery target MUST be accessible on the default tcp port
    >    on each IP address on which an iSCSI implementation is listening
    >    for iSCSI connections.  This default tcp port will often be the
    >    IANA-assigned TCP port for iSCSI.  If the implementation is
    >    listening on multiple TCP ports, the discovery target MAY be
    >    accessible on each TCP port.
    
    I feel this "MUST" is a "MAY".  The comments in this thread seem to focus on
    enabling I-T discovery in an "easy", insecure way.  It seems to me there are
    many possibilities for "discovery models" ranging from
    
    initiators probe targets "discovery" ports
    to
    initiators access "domain-specific directories" (this has also been referred
    to as "storage name servers", but I think that model is a narrow subset of a
    network resource management soln)
    
    In the environments where initiators get their storage resource information
    from a "directory server", it would be desirable to disable this "discovery
    target" to guard against unintended/unauthorized access to targets.
    Initiators may be authenticating to "directory servers" who then pass
    specific information about targets to attach to, as well as an
    authentication token.  The initiator could then log into the specific
    targets with the authentication token and the target is freed from the task
    of assigning/managing initiator lists.
    
    Marjorie Krueger
    Networked Storage Architecture
    Networked Storage Solutions Org.
    Hewlett-Packard
    tel: +1 916 785 2656
    fax: +1 916 785 0391
    email: marjorie_krueger@hp.com 
    


Home

Last updated: Tue Sep 04 01:04:41 2001
6315 messages in chronological order