How can iSCSI arrays limit access to targets from hosts?

iSCSI arrays commonly implement access control mechanisms to manage which hosts can connect to specific targets. Restricting access based on the host's IP address or subnet is a widely used method because it allows for a straightforward and effective way to manage connectivity. By specifying allowed IP addresses or subnets, the iSCSI array can permit only connections from known, trusted sources, thereby enhancing security.

This method works well because it leverages existing network configurations and routing principles, making it easier for administrators to implement and maintain. It helps prevent unauthorized access from hosts that are outside the defined parameters, thereby reducing the risk of attacks or data breaches.

Using usernames and passwords or client certificates are indeed methods of access control, but they are less common and may not be supported by all iSCSI implementations. Firewall rules can offer protection, but they typically operate at the network layer and may not be specifically tailored for iSCSI traffic management in the same way that IP address restrictions are. Hence, IP address or subnet restrictions are a fundamental aspect of controlling access to iSCSI targets effectively.