Which CHAP authentication mechanism is available when using software iSCSI and dependent hardware iSCSI? (Choose all correct answers)
A.
Mutual CHAP
B.
Per-subnet CHAP
C.
Per-target CHAP
D.
One-way CHAP
Explanation:
Reference:
1) vsphere-esxi-vcenter-server-50-storage-guide.pdf , Page 82,
“For software and dependent hardware iSCSI adapters, ESXi also supports per-target CHAP authentication”2) ref: http://pubs.vmware.com/vsphere-50/index.jsp?topic=/com.vmware.vsphere.storage.doc_50/GUID-3F97FB05-3C92-4040-84E7-D928555B3808.html
“In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method for software and dependent hardware iSCSI adapters only.”
On the VCP5 Mock exam, this question asks to choose two. Mutual CHAP and Per-target CHAP are the correct answers. Per-subnet CHAP does not exist, and one-way CHAP is not available when using dependant hardware iSCSI.
Good feedback. I reviewed this question in the following link.
Ref: http://pubs.vmware.com/vsphere-50/index.jsp?topic=/com.vmware.vsphere.storage.doc_50/GUID-3F97FB05-3C92-4040-84E7-D928555B3808.html
And you’re right. Thanks a milion.
No, one-way CHAP IS ALSO AVAILABLE when using dependant hardware iSCSI!
ESXi supports one-way CHAP FOR ALL TYPES of iSCSI initiators, and mutual CHAP only for software and dependent hardware iSCSI.
http://pubs.vmware.com/vsphere-50/index.jsp?topic=/com.vmware.vsphere.storage.doc_50/GUID-3F97FB05-3C92-4040-84E7-D928555B3808.html
Mutual CHAP and Per-target CHAP are the correct answers, because one-way CHAP IS ALSO AVAILABLE with software iSCSI and dependent hardware iSCSI.
Can someone please clarify the answer according to vSphere 5 Docs answer should be (A)Mutual Chap, (D)One-Way Chap
http://pubs.vmware.com/vsphere-50/index.jsp?topic=/com.vmware.vsphere.storage.doc_50/GUID-3F97FB05-3C92-4040-84E7-D928555B3808.html
Choosing CHAP Authentication Method
ESXi supports one-way CHAP for all types of iSCSI initiators, and mutual CHAP for software and dependent hardware iSCSI.
Before configuring CHAP, check whether CHAP is enabled at the iSCSI storage system and check the CHAP authentication method the system supports. If CHAP is enabled, enable it for your initiators, making sure that the CHAP authentication credentials match the credentials on the iSCSI storage.
ESXi supports the following CHAP authentication methods:
One-way CHAP
In one-way CHAP authentication, also called unidirectional, the target authenticates the initiator, but the initiator does not authenticate the target.
Mutual CHAP
In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method for software and dependent hardware iSCSI adapters only.
“For software and dependent hardware iSCSI adapters, you can set one-way CHAP and mutual CHAP for each initiator or at the target level. ”
P85 storage configuration guide
As per VCP mock exam the actual question should read
“Which CHAP authentication mechanisms are ONLY available when using software and dependent hardware iSCSI adapters (Choose Two)?”
ONLY being the key part which means (a)Mutual Chap and (c)Per-target correct.
This is wrong. There are only two CHAP mechanism one-way and mutual. The answers are A and D. http://pubs.vmware.com/vsphere-50/index.jsp?topic=/com.vmware.vsphere.storage.doc_50/GUID-3F97FB05-3C92-4040-84E7-D928555B3808.html#com.vmware.vsphere.storage.doc_50/GUID-3F97FB05-3C92-4040-84E7-D928555B3808.html?resultof=%2522%2563%2568%2561%2570%2522%2520
Ed is absolutely right
A and D
http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc_50%2FGUID-488A90C3-4826-4EB7-BAA4-E9C799AA2C02.html
Set Up CHAP Credentials for iSCSI Initiator
You can set up all targets to receive the same CHAP name and secret from the iSCSI initiator at the initiator level. By default, all discovery addresses or static targets inherit CHAP parameters that you set up at the initiator level.
The CHAP name should not exceed 511 alphanumeric characters and the CHAP secret should not exceed 255 alphanumeric characters. Some adapters, for example the QLogic adapter, might have lower limits, 255 for the CHAP name and 100 for the CHAP secret.
Prerequisites
■ Before setting up CHAP parameters for software or dependent hardware iSCSI, determine whether to configure one-way or mutual CHAP. Independent hardware iSCSI adapters do not support mutual CHAP.
■ In one-way CHAP, the target authenticates the initiator.
■ In mutual CHAP, both the target and the initiator authenticate each other. Use different secrets for CHAP and mutual CHAP.
When you configure CHAP parameters, verify that they match the parameters on the storage side.
A & D Here’s the vSphere 5 documentation center instructions that shows the answer to be A & D.
ONE-WAY or MUTUAL
Choosing CHAP Authentication Method:
ESXi supports one-way CHAP for all types of iSCSI initiators, and mutual CHAP for software and dependent hardware iSCSI.
ESXi supports the following CHAP authentication methods:
One-way CHAP: In one-way CHAP authentication, also called unidirectional, the target authenticates the initiator, but the initiator does not authenticate the target.
Mutual CHAP: In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method FOR SOFTWARE AND DEPENDENT HARDWARE iSCSI adapters ONLY.
***** For software and dependent hardware iSCSI adapters, you can set one-way CHAP and mutual CHAP for each initiator or at the target level. Independent hardware iSCSI supports CHAP only at the initiator level.
When you set the CHAP parameters, specify a security level for CHAP.
http://pubs.vmware.com/vsphere-50/index.jsp#com.vmware.vsphere.storage.doc_50/GUID-64D12CC2-3994-44A1-8826-345590969ED3.html?resultof=%2522%254d%2575%2574%2575%2561%256c%2522%2520%2522%256d%2575%2574%2575%2561%256c%2522%2520%2522%2543%2548%2541%2550%2522%2520%2522%2563%2568%2561%2570%2522%2520
Prerequisites:
Before setting up CHAP parameters for software and dependent hardware iSCSI, determine whether to configure one-way or mutual CHAP.
■ In one-way CHAP, the target authenticates the initiator.
■ In mutual CHAP, both the target and initiator authenticate each other. Make sure to use different secrets for CHAP and mutual CHAP.
Aaaahhhhhhhhhhhhhhhhhhh C is ALSO CORRECT!!!
ESXi and vCenter Server 5 Documentation > vSphere Storage > Configuring iSCSI Adapters and Storage
For software and dependent hardware iSCSI adapters, ESXi ALSO SUPPORTS PER-TARGET CHAP authentication, which allows you to configure different credentials for each target to achieve greater level of security.
http://pubs.vmware.com/vsphere-50/index.jsp#com.vmware.vsphere.storage.doc_50/GUID-AC65D747-728F-4109-96DD-49B433E2F266.html?resultof=%2522%2570%2565%2572%252d%2574%2561%2572%2567%2565%2574%2522%2520
I must admit this is a tad confusing. I put A + D down for the practice exam and it came up incorrect, but there is obvious evidence in the links shared above that A + D is correct. Which answers are correct for the practice exam? A +C? or A+D? you can only choose 2.
I’ve seen confusion in some of the other practice test questions too (on this site) and I’m losing faith in the integrity on a VCP certification.
Any help much appreciated.
Thanks a bunch for sharing this with all of us you actually understand what you’re speaking approximately!
Bookmarked. Kindly additionally discuss with my site =). We can have a hyperlink exchange agreement between us