- Notes, cautions, and warnings
- Introduction
- Revision history
- Accessing PowerFlex appliance components
- PowerFlex appliance deployment types
- Managing components with PowerFlex Manager
- Add licenses to PowerFlex Manager
- Configuring VMware vCenter high availability
- Enable or disable SSH on the VMware ESXi host dynamically
- Performing maintenance activities in a PowerFlex cluster
- Monitoring system health
- Monitor system resources
- Manage compliance
- Enabling SupportAssist
- Managing events and alerts
- CloudLink Center
- Network management
- Storage management
- Protection domains
- Fault sets
- Storage data servers
- Storage pools
- Acceleration pools
- Devices
- Volumes
- NVMe targets
- Hosts
- Storage management for PowerFlex controller nodes
- Configuring replication on PowerFlex nodes
- Redistribute the MDM cluster using PowerFlex Manager
- Set rebuild and rebalance settings
- Enabling or disabling SDC authentication
- Log in to PowerFlex using scli
- Prepare for storage data clients authentication
- Configure storage data client to use authentication
- Enable storage data client authentication
- Disable SDC authentication
- Expand an existing PowerFlex cluster with SDC authentication enabled
- Add a Windows or Linux authenticated SDC
- PowerFlex file storage
- Multitenancy
- NAS server
- Create a NAS server for NFS (UNIX-only) file systems
- Create NAS server for SMB (Windows-only) file systems
- Change NAS server settings
- Configure settings of an existing NAS server
- Manage the network routes between the NAS server and the supported external services
- Modify or configure the NAS server naming services
- NAS server sharing protocols
- NAS server protection and events
- Managing NAS server configuration
- NAS server settings
- NAS server security
- Create a global namespace
- File systems
- Quotas
- Shares and exports
- File protection
- Create a protection policy
- Create snapshot rules
- Create a snapshot
- Modify a snapshot
- Delete a snapshot
- Assign a protection policy to a file system
- Unassign a protection policy
- Modify a protection policy
- Delete a protection policy
- Modify a snapshot rule
- Delete a snapshot rule
- Refresh a file system using snapshot
- Restore a file system from a snapshot
- Clone NAS server and file system
- Clone the file system
- Create a thin clone using a snapshot
- Reconfiguring MDM roles
- Set rebuild and rebalance settings
- Enabling or disabling SDC authentication
- Log in to PowerFlex using scli
- Prepare for storage data clients authentication
- Configure storage data client to use authentication
- Enable storage data client authentication
- Disable SDC authentication
- Expand an existing PowerFlex cluster with SDC authentication enabled
- Add a Windows or Linux authenticated SDC
- Enabling replication on existing PowerFlex hyperconverged nodes
- Prerequisites
- Workflow
- Remove a PowerFlex hyperconverged resource group from PowerFlex Manager
- Create and configure replication port groups
- Preparing the SVMs for replication
- Shut down the SVM
- Add network adapters
- Record the MAC address of the newly added network interface controllers
- Modify SVMs
- Install SDR RPMs on the SDS nodes (SVMs)
- Exit SDS maintenance mode
- Adding the Storage Data Replicator to a PowerFlex appliance
- Create and copy certificates
- Add replication networks to PowerFlex Manager
- Add the hyperconverged resource group back to PowerFlex Manager
- Enabling replication on existing PowerFlex storage-only nodes
- Prerequisites
- Gather the MDM IP address information
- Install SDR
- Configure replication networks
- Create static routes
- Add SDRs to PowerFlex Manager
- Add firewall rules for SDR
- Remove existing storage-only resource group from PowerFlex Manager
- Add replication networks to PowerFlex Manager
- Add the storage-only resource group back to PowerFlex Manager
- Add peer replication systems
- Create the remote consistency group
- Secure component verification and TPM enablement on the PowerFlex nodes
- Administering the CloudLink Center
- Add the CloudLink Center license in PowerFlex Manager
- Adding and managing CloudLink Center licenses
- Configure syslog and audit logs in CloudLink
- Manage a self-encrypting drive (SED) from CloudLink Center
- Manage a self-encrypting drive from the command line
- Release a self-encrypting drive
- Release management of a self-encrypting drive from the command line
- Backup and restore
- Powering on and off
- Power on a Technology Extension with PowerScale
- Power on a PowerFlex appliance
- Power on the PowerFlex management controller 2.0
- Power on the PowerFlex management node
- Power on the VMware NSX Edge nodes
- Power on PowerFlex storage-only nodes
- Power on PowerFlex file nodes
- Power on all PowerFlex hyperconverged nodes
- Power on PowerFlex compute-only nodes
- Complete the powering on of PowerFlex appliance
- Power off a PowerFlex appliance
- Deactivate protection domain and power off PowerFlex storage-only node using PowerFlex Manager
- Power off PowerFlex compute-only nodes with VMware ESXi
- Power off PowerFlex file nodes
- Power off PowerFlex hyperconverged nodes with VMware ESXi
- Power off the VMware NSX Edge nodes
- Power off the PowerFlex management controller 2.0
- Power off the PowerFlex management node
- Complete the powering off of PowerFlex appliance
- Power off a Technology Extension with PowerScale
- Usernames and password management
- PowerFlex servers
- PowerFlex Manager
- Virtualization
- Management VMs
- Change CloudLink passwords
- Manage EmbeddedOS15.3 users credentials for the jump server
- Changing the IPI appliance password
- Changing a user account password on the IPI appliance
- Changing the operating system password
- System logs and audit logs
- PowerFlex Manager logs
- VMware vCenter logs
- CloudLink logs
- Network logs
- Configuring syslogs and audit logs
- Configure syslogs using VMware ESXi
- Configure and forward the syslogs using VMware vCenter
- Configure syslog and audit logs in CloudLink
- Configure audit logs in SVMs and PowerFlex storage-only nodes
- Configure iDRAC for audit logging
- Retrieve SDNAS audit logs
- Configuring syslogs for Dell PowerSwitch and Cisco Nexus switches
- PowerFlex audit log
- Migrating to NVMe over TCP on VMware ESXi
Dell PowerFlex Appliance with PowerFlex 4.x Administration Guide
Create credentials for root and non-root users
Use this procedure to create credentials for root and non-root users in PowerFlex Manager.
Prerequisites
To import and create the SSH keys for a PowerFlex node, switch, OS Admin, OS User, ensure you generate SSH key pairs of RSA type without passphrase. See Related information for more information.
About this task
You can now use a non-root user instead of the root user for PowerFlex system administration functions. This enhances security by disabling the root user during node discovery, operating system installation, and non-disruptive updates. The default non-root user name is pflex.
NOTE:The credential type
OS Admin is used for root users, and
OS User is used for non-root user.
OS Admin and
OS User credential types apply for the deployment the resource groups.
For non-root user authentication, after the deployment of the resource group, the SSH access to the user root is disabled, password is still available to take console access for troubleshooting.
PowerFlex Manager allows you to specify a non-root user when you configure a template for a compute-only, storage-only, hyperconverged or PowerFlex file deployment.
NOTE:SSH key pairs based root or non-root deployments are not supported for PowerFlex file deployments.
PowerFlex Manager allows you to use an LDAP user for PowerFlex system administration functions. When you create or edit an operating system user credential, you can optionally specify the LDAP domain. This allows you to use an active directory (AD) user rather than a local user for administration functions.
Steps
- On the menu bar, click .
- Click Resource Credentials. The Credentials Management page opens.
- Click Create.
-
In the
Create Credentials dialog box, from the
Credential Type drop-down list, select one of the following resource types for which you want to create non-root credentials:
- Node
- Switch
- OS Admin
- OS User
-
In the
Credential Name field, enter the name to identify the credential.
NOTE:If you are creating an OS User credential set for the management virtual machines on a PowerFlex management controller resource group, do the following:
- Enter MVM delladmin to identify the credential.
- In the User Name field, enter delladmin.
- Enter the delladmin account password in the Password and Confirm Password fields.
-
Click
Enable Key Pairs to enable log in with SSH key pairs and perform the following:
Table 1. Key pairs optionsThe following table provides procedures to log in with SSH key pairs. To... Do this... Enable key pairs for the Node or Switch credential: - Click
Import SSH Key Pair.
NOTE:Manually generate the SSH keys pairs.
- Click Choose File and browse to the file that contains the private key.
- Type a name for the key pair.
- Click Import.
Create keys using PowerFlex Manager for the OS Admin or OS User credential and enable key pairs: - Click Create a new key.
- Click Create & Download Key Pair.
- On Key Pair Name, type the name for key pair.
- Click Create.
- Click Download Public Key.
To manually generate and import an existing key pairs for the OS Admin or OS User credential - Click
Import SSH Key Pair.
NOTE:Manually generate the SSH keys pairs.
- Click Choose File and browse to the file that contains the public and private key.
- Type a name for the key pair.
- Click Import.
If you enable SSH key pairs for a Node or Switch credential and use that credential for discovery, PowerFlex Manager uses public or private RSA key pairs to SSH into your node or switch securely, instead of using a user name and password.If you enable SSH key pairs for an OS User or OS Admin credential and use that credential for a deployment, PowerFlex Manager uses RSA public or private key pairs for the deployment operations.
NOTE:PowerFlex Manager does not consume SSH keys for all component types. For example, if you enable SSH key pairs for an admin credential, the SSH keys are not used for the deployment of a CloudLink Center VM. Instead, the user name and password are used instead for all communication. - Click
Import SSH Key Pair.
-
To enable LDAP for an
OS User (optional):
- On the Create Credentials page, in the Credential type field, enter OS User.
- In the Credential Name field, enter LDAP.
- Enter the domain name and username in the Domain and User Name fields.
- Enter the passwords and click Save.
NOTE:Create username with domain name on active directory server. NTP server and active directory server time must sync. Configure DNS server and prefix on the management network configuration. -
In the
User Name field, enter the username for the credential.
For Nodes (iDRAC), root is the only valid username for root-level credentials. For a non-root user name, enter the default non-root user name.For the OS Admin credential type, the User Name field is disabled because the user is assumed to be root. You must use the root user for new deployments.For the OS User credential type, enter the default non-root user name.For the embedded operating system, this user account must have SSH enabled and have sudo access. For VMware ESXi, the account must be configured with the administrator role on the local server permission setting, which should enable SSH and other tools like esxcli. You can add existing resource groups with a non-root user. The account on the SVM and/or PowerFlex storage-only nodes for the OS User credential type must have a /home directory and have the correct group permissions.
- In the Password and the Confirm Password boxes, enter the password for the credential.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\