RE: iSCSI boot

To: "David Robinson" <David.Robinson@EBay.Sun.COM>, <ips@ece.cmu.edu>
Subject: RE: iSCSI boot
From: "Douglas Otis" <dotis@sanlight.net>
Date: Fri, 25 May 2001 14:31:23 -0700
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="iso-8859-1"
Importance: Normal
In-Reply-To: <3B0EB875.DAE93D98@ebay.sun.com>
Sender: owner-ips@ece.cmu.edu

David,

I think you misunderstand where this code would exist.  It would not be
within the DHCP/PXE PROM code.

Use the existing environment and previously defined parameters in
conjunction with existing servers and existing protocols.

Doug


> Douglas Otis wrote:
> > If there already is a means of discovering either LDAP or SLP
> in conjunction
> > with DCHP together will some security features defined within the PXE
> > specification, then adding iSCSI specific information is not really
> > required.  If you assume there is security present within LDAP
> and there is
> > a defined schema, the ability to retrieve information related
> to things like
> > ISID, Initiator Name, Target Name, mount point, etc can be made
> available
> > through those standard services with security providing the
> initial filter.
> > LDAP can store state as it is commonly used to keep password
> counts and the
> > like. It is not a direct property of LDAP, but a well structured schema
> > should make this task easier.  I know that I will hear, "Send
> in the Draft"
> > but until there is consensus as to what is needed and how it is
> to be used,
> > it would be a likely futile venture.
>
> I think you are over complicating things Doug. We already have a well
> defined
> standard for Network Adapters to discover their identity and their
> "root"
> storage device using DHCP.  All that is really needed by the IPS WG is
> to define
> the syntax and semantics of the string that indicates where the iSCSI
> target is.
>
> While LDAP provides a lot of features and can easily be used as the
> directory
> service behind a DHCP server (and in fact is often is), it is highly
> unlikely
> that vendors will embed LDAP into the PROMs of their adapters to
> retrieve
> a simple string that can just as easily be served using their existing
> DHCP/PXE
> PROMs.
>
> Security is actively being worked on the the DHCP community so that
> is something that iSCSI can leverage.
> (draft-ietf-dhc-authentication-16.txt)
>
> So I won't say "Send in a Draft" but instead "The IESG won't let us
> reinvent existing protocols".
>
> 	-David
>

Follow-Ups:
- iSCSI and secure boot
  - From: Bernard Aboba <aboba@internaut.com>
- Re: iSCSI boot
  - From: David Robinson <David.Robinson@sun.com>

References:
- Re: iSCSI boot
  - From: David Robinson <David.Robinson@EBay.Sun.COM>

Prev by Date: iSCSI: More draft-06 comments
Next by Date: RE: iSCSI: response to second login (with same ISID)
Prev by thread: Re: iSCSI boot
Next by thread: Re: iSCSI boot
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:36 2001
6315 messages in chronological order