Account or device credentials are required to add a device in
secure connect gateway and to collect telemetry, if required. Depending on the devices in your environment, you can create one or more credential accounts for the same device type. However, at a time, only one account credential can be associated with a device type.
For authentication, after the username, you can either choose to enter the password of the device, or upload a key certificate and enter a passphrase. It is recommended to use the key certificate and passphrase method as it is more secure.
Authentication using key certificate includes the following process:
Creating an SSH key pair—a public key and a private key.
Go to
Device management > Manage credentials > Manage device credentials > Add credentials.
The
Add account credentials window is displayed.
Enter a credential name.
Select the device type.
The associated fields are displayed.
You can enter the credentials either manually or using a credential vault. Select one of the following options:
To store the credentials locally on the
secure connect gateway device, select
Manually.
To access credentials from the vault, select
Use a credential vault. Select the correct vault from the dropdown list and enter the identifiers that the device has been configured with. If you select
CCP, you must enter an
Account identifier. If you select
Conjur, you must enter the
Username identifier and
Password identifier.
NOTE:The identifier details are available on the credential vault user interface and the format is as follows:
Username identifier—Organization account name /Environment /Safe Name/Name + username
Password identifier—Organization account name /Environment /Safe Name/Name + password
If you have not added a vault, click
Add a vault and enter the required information. See
Add a credential vault.
Click
Add.
Perform one of the following steps:
If you select the device type as
Server / Hypervisor, select the operating system, enter the username and either enter the password, or upload the key certificate and enter the passphrase.
NOTE:You cannot add account credentials for a server or hypervisor running the Windows operating system. For the list of supported operating systems, see the
Secure Connect Gateway 5.x — Virtual Edition Support Matrix available
on the
Secure Connect Gateway - Virtual Edition documentation page.
If the device is running ESX or ESXi, you can select the
Enable Common Name (CN) check or
Enable Certificate Authority (CA) check check boxes to perform additional security checks on the device. To perform a CA check, you can also upload certificates from the local system.
If you select the device type as
iDRAC,
Storage Center (SC) / Compellent,
Dell ML3 or
PowerVault, enter the username and password of the device. Optionally, select the
Enable Common Name (CN) check or
Enable Certificate Authority (CA) check check boxes to perform additional security checks on the device. To perform a CA check, you can also upload certificates from the local system.
If you select the device type as
Chassis, enter the username and either enter the password, or upload the key certificate and enter the passphrase. Optionally, select the
Enable Common Name (CN) check or
Enable Certificate Authority (CA) check check boxes to perform additional security checks on the device. To perform a CA check, you can also upload certificates from the local system.
If you select the device type as
Fluid File System (Fluid FS), enter the username and either enter the password, or upload the key certificate and enter the passphrase.
If you select the device type as
Peer Storage (PS) / Equallogic, select the software type. Enter the username and either enter the password, or upload the key certificate and enter the passphrase, and then enter the community string of the device.
If you select the device type as
Software and software type as
vCentre, enter the username and password of the device. Optionally, select the
Enable Common Name (CN) check or
Enable Certificate Authority (CA) check check boxes to perform additional security checks on a vCenter. To perform a CA check, you can also upload certificates from the local system. If you select the software type as
HIT Kit / VSM for VMware, enter the username and either enter the password, or upload the key certificate and enter the passphrase.
If you select the device type as
Virtual Machine, select the operating system, and enter the username and either enter the password, or upload the key certificate and enter the passphrase.
If you select the device type as
Networking, and the operating system type as
Others, enter the username and either enter the password, or upload the key certificate and enter the passphrase. Enter the community string of the device. Click
Enable SNMP v3 if you have configured your networking device with SNMP v3 for traps. Enter the SNMP v3 details according to the security level. For details see
Configure SNMP v3 settings
NOTE:
If you are using a networking device that is running the operating system version 10 and later, ensure that you enter only the username and password for authentication and not the key certificate and passphrase. You must also use the same credentials for SSH or REST.
If you have configured the device with
Enable password and
Community string, you must add
Enable password identifier and
Community string identifier when you select
Conjur credential vault type. The community string is required only for Cisco devices, wireless controllers, and devices from the PowerConnect family 28xx and X series. The identifier details are available on the credential vault user interface and the format is as follows:
Enable Password identifier—Organization account name /Environment /Safe Name/Name + password
Community string identifier—Organization account name /Environment /Safe Name/Name + username
. If you select the device type as
Networking, and the operating system type as
Enterprise SONiC, enter the username and the password.
If you select the device type as
Solution, for
SSH Credentials, enter the username and either enter the password, or upload the key certificate, and enter the passphrase. For
REST Credentials, enter the username and password. Optionally, you can select the
Enable Common Name (CN) check or
Enable Certificate Authority (CA) check check boxes to perform additional security checks on the appliance. To perform a CA check, you can also upload certificates from the local system.
If you select the device type as
Direct Liquid Cooling, enter the credential name and then enter the community string of the device.
If you select the device type as
Remote Support SSH, use the credential vault and enter the username identifier and the password identifier. You cannot manually add the username and password for
Remote Support SSH.
NOTE:Devices that have SSH remote support capabilities enabled can share credentials using
Remote Support SSH. The supported device types are:
Data storage devices other than Fluid File System (Fluid FS), PeerStorage(PS) / Equallogic, Storage Center(SC)/Compellent, PowerVault (MD3 and ME4 Series), Dell ML3.
Converged/Hyperconverged Infrastructure other than Webscale.
Data Protection.
For more information about device types that have SSH for remote support capabilities, see the
Secure Connect Gateway 5.x - Virtual Edition Support Matrix available on the
on the
Secure Connect Gateway - Virtual Edition documentation page.
Click
Add.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\