Work with accounts using CHAP
In SolidFire storage systems, tenants can use accounts to enable clients to connect to volumes on a cluster. An account contains the Challenge-Handshake Authentication Protocol (CHAP) authentication required to access the volumes assigned to it. When you create a volume, it is assigned to a specific account.
An account can have up to two-thousand volumes assigned to it, but a volume can belong to only one account.
Create an account
You can create an account to allow access to volumes.
Each account name in the system must be unique.
-
Select Management > Accounts.
-
Click Create Account.
-
Enter a Username.
-
In the CHAP Settings section, enter the following information:
Leave the credential fields blank to auto-generate either password. -
Initiator Secret for CHAP node session authentication.
-
Target Secret for CHAP node session authentication.
-
-
Click Create Account.
View account details
You can view performance activity for individual accounts in a graphical format.
The graph information provides I/O and throughput information for the account. The Average and Peak activity levels are shown in increments of 10-second reporting periods. These statistics include activity for all volumes assigned to the account.
-
Select Management > Accounts.
-
Click the Actions icon for an account.
-
Click View Details.
Here are some of the details:
-
Status: The status of the account. Possible values:
-
active: An active account.
-
locked: A locked account.
-
removed: An account that has been deleted and purged.
-
-
Active Volumes: The number of active volumes assigned to the account.
-
Compression: The compression efficiency score for the volumes assigned to the account.
-
Deduplication: The deduplication efficiency score for the volumes assigned to the account.
-
Thin Provisioning: The thin provisioning efficiency score for the volumes assigned to the account.
-
Overall Efficiency: The overall efficiency score for the volumes assigned to the account.
Edit an account
You can edit an account to change the status, change the CHAP secrets, or modify the account name.
Modifying CHAP settings in an account or removing initiators or volumes from an access group can cause initiators to lose access to volumes unexpectedly. To verify that volume access will not be lost unexpectedly, always log out iSCSI sessions that will be affected by an account or access group change, and verify that initiators can reconnect to volumes after any changes to initiator settings and cluster settings have been completed.
Persistent volumes that are associated with management services are assigned to a new account that is created during installation or upgrade. If you are using persistent volumes, do not modify or delete their associated account. |
-
Select Management > Accounts.
-
Click the Actions icon for an account.
-
In the resulting menu, select Edit.
-
Optional: Edit the Username.
-
Optional: Click the Status drop-down list and select a different status.
Changing the status to locked terminates all iSCSI connections to the account, and the account is no longer accessible. Volumes associated with the account are maintained; however, the volumes are not iSCSI discoverable. -
Optional: Under CHAP Settings, edit the Initiator Secret and Target Secret credentials used for node session authentication.
If you do not change the CHAP Settings credentials, they remain the same. If you make the credentials fields blank, the system generates new passwords. -
Click Save Changes.
Delete an account
You can delete an account when it is no longer needed.
Delete and purge any volumes associated with the account before you delete the account.
Persistent volumes that are associated with management services are assigned to a new account that is created during installation or upgrade. If you are using persistent volumes, do not modify or delete their associated account. |
-
Select Management > Accounts.
-
Click the Actions icon for the account you want to delete.
-
In the resulting menu, select Delete.
-
Confirm the action.