Managing Access Controls for Volumes and Snapshots

In a PS Series group, access control records are used to control which hosts can access a volume and its snapshots. It is recommended that you restrict access to prevent multiple hosts from simultaneously accessing a volume or snapshot and possibly corrupting data.

A volume and its snapshots share a single list of access control records (up to 16 for each volume). An access control record can apply to the volume, its snapshots, or both. For example, you may want to give one host access to both the volume and its snapshots and give another host access only to the volume’s snapshots.

In each record, you can specify an IP address, iSCSI initiator name or CHAP user name (or any combination of the three). To access a volume or snapshot, a host must exactly match at least one access control record.

For example, if a volume has only one access control record, which includes an IP address and CHAP user name, only a host with that IP address and the appropriate CHAP credentials can access it. If an administrator creates another record that includes an iSCSI initiator name, a host with that initiator can also access the volume.

You can also create a record that allows unrestricted host access. However, this is not recommended unless you are testing host access to the volume.

Note: If you want to be certain that no host can access a volume or snapshot, delete all its access control records. You can also set the volume or snapshot offline.

Access control record management topics include the following: