1. Field of the Invention
The present invention generally relates to storage area networks. More specifically, the present invention provides authentication mechanisms for iSCSI and fibre channel storage area networks.
2. Description of Related Art
The Internet Small Computer Systems Interface (iSCSI) allows connection of SCSI devices to storage area networks (SANs) using an Internet Protocol (IP) network. For example, an iSCSI initiator may be connected to a fibre channel switch over an IP network. The fibre channel switch may be connected to multiple hosts and disk arrays over a fibre channel storage area network.
In conventional implementations, security is provided by having a fibre channel switch authenticate various entities before allowing the entities to establish a connection. For example, an iSCSI initiator would perform an authentication exchange with the fibre channel switch in order to authenticate itself to the fibre channel switch. Storage area network entities such as disk arrays would also have to authenticate themselves to the fibre channel switch.
A fibre channel storage area network entity such as a disk array would also have to authenticate various entities before allowing the entities to establish a connection. For example, a host connected to the disk array would perform an authentication exchange with the disk array in order to authenticate itself to the disk array. However, having authentication performed at a number of different entities leads to a variety of inefficiencies.
Consequently, it is therefore desirable to provide methods and apparatus for improving the ability to authenticate initiators connected to a fibre channel storage area network.