One of the suggestions to increase security in our environment is to use Mutual or Bi-directional CHAP for iSCSI traffic. We have seven ESXi 6.7 Update 1 hosts, a Nimble storage array, a Nexsan storage array, and Veeam for backup and replication. We do have a separate non-routable vlan for all storage traffic. Four questions:
- How important is it to use CHAP? I know security is always important, just trying to gauge our level of vulnerability
- If we do decide to use CHAP, is it tough to setup?
- Is there downtime needed? Let's say we configure one host to use CHAP. I am assuming as soon as this is configured it will lose connectivity to the Nimble array until we have configured that side as well and then connectivity will be re-established. Just trying to figure out the proper order of implementing CHAP without cutting off any VMs
- For those who use Veeam, I am assuming I have to setup CHAP as well since Veeam does SAN based backup. Is this straight forward?