Nutanix Volumes is a feature that allows users to create and manage block storage devices (volume groups) on a Nutanix cluster. Volume groups can be accessed by external hosts using the iSCSI protocol. To secure volume groups from unauthorized access, Nutanix recommends configuring CHAP (Challenge-Handshake Authentication Protocol) for each volume group in Prism Element. CHAP is a security feature that authenticates iSCSI initiators and targets before allowing access to a volume group. CHAP requires both the initiator and the target to have a shared secret (a password) that is used to generate a challenge and a response during the authentication process. CHAP can prevent unauthorized access to volume groups and protect data from malicious attacks.
References: Nutanix Volumes Administration Guide, page 25; Nutanix Volumes Security Guide
Nutanix’s best practices for Volumes security emphasize securing iSCSI connections through authentication. Configuring Volume Groups to use CHAP ensures that only authorized initiators can access the storage, preventing unauthorized access and aligning with security compliance requirements. This is a direct and mandatory step for securing Volumes, making it the best choice among the options.
Exact Extract from Nutanix Documentation:
From the Nutanix Volumes Administration Guide (available on the Nutanix Portal):
“To align with Nutanix best practices for security, configure Volume Groups to use CHAP (Challenge-Handshake Authentication Protocol) for iSCSI authentication. This ensures that only authorized initiators can access the Volume Group, protecting against unauthorized access and enhancing security.”
References: Nutanix Volumes Administration Guide, Version 6.0, Section: “Security Best Practices for Nutanix Volumes” (Nutanix Portal); Nutanix Certified Professional - Unified Storage (NCP-US) Study Guide, Section: “Nutanix Volumes Security Configuration”.
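The challenge-response exchange described above, as an added example (not Nutanix code and not part of the original page): the response is computed as in RFC 1994 CHAP with MD5, which iSCSI login carries in the CHAP_I, CHAP_C, CHAP_N and CHAP_R keys. The initiator name and secrets are constructed, and the `Target` class is a hypothetical stand-in for the iSCSI target.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Target:
    """Hypothetical target side: stores one secret per initiator name."""

    def __init__(self, secrets):
        self.secrets = secrets   # initiator name -> shared secret
        self.pending = {}        # initiator name -> (identifier, challenge)

    def challenge(self, name):
        # Fresh random identifier (CHAP_I) and challenge (CHAP_C) per attempt.
        issued = (os.urandom(1)[0], os.urandom(16))
        self.pending[name] = issued
        return issued

    def verify(self, name, response):
        # A challenge is single use: pop it so a captured response
        # (CHAP_R) cannot be replayed against the same challenge.
        issued = self.pending.pop(name, None)
        secret = self.secrets.get(name)
        if issued is None or secret is None:
            return False
        expected = chap_response(issued[0], secret, issued[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    name = "iqn.2024-01.example:host01"   # constructed initiator name (CHAP_N)
    secret = b"constructed-secret-0001"   # constructed shared secret
    target = Target({name: secret})

    ident, chal = target.challenge(name)
    good = chap_response(ident, secret, chal)   # initiator side
    accepted = target.verify(name, good)
    replayed = target.verify(name, good)        # no outstanding challenge left

    ident2, chal2 = target.challenge(name)
    wrong = target.verify(name, chap_response(ident2, b"wrong-secret", chal2))
    return accepted, replayed, wrong


if __name__ == "__main__":
    print(demo())
```

The secret itself never crosses the wire; only the challenge and the digest do, which is why an initiator without the configured secret cannot produce a response the target accepts.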