Dell PowerFlex v3.6.x Security Configuration Guide

Replication security

There are new security features to ensure that PowerFlex replication can be used securely.

In addition, Challenge-Handshake Authentication Protocol (CHAP) is used for authentication between all of the SDRs of each peer system within each Protection Domain. This authentication is bidirectional. The authentication is at the network level. If authentication fails, the network socket is not created and there is no connection between the two SDRs. This also determines the authorization of an SDR to write to its target volumes on the peer system.

MDM to MDM encrypted communications

To ensure security between the two replication systems, the management communications between them must be encrypted. This is achieved by running the communications between the two MDM clusters of the replicated systems over TLS 1.2. In order to implement TLS, it is required that both MDM clusters have the MDM certificate of the other cluster. You must perform a certificate exchange between the two peer systems. Without this certificate exchange, it is not possible to set up replication peer systems. The following steps are necessary:

  1. Using the SCLI, extract the root certificate on each system: scli --extract_root_ca --certificate_file <FILE_NAME>
  2. Copy the root certificates to the peer system using scp or any file transfer method.
  3. Using the SCLI, add the copied certificate as a trusted certificate: scli --add_trusted_ca --certificate_file <FILE_NAME> --comment <COMMENT(e.g., NameOf_System)>

The certificate exchange between peer systems should be performed by a system administrator who has root access to all MDM nodes on both peer systems. Detailed instructions on performing this procedure are included in the "Post-deployment task" section of the Configure and Customize Dell PowerFlex.
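The exchanged root certificate becomes a trust anchor for the peer MDM cluster, so it is worth confirming that the file that arrived is the file that was extracted before running step 3. The following is an added example, not part of Dell's documentation: the function names `ca_digest` and `add_peer_ca` are hypothetical, and it assumes `sha256sum` is available on the MDM nodes and that the source administrator passes the digest to the peer administrator out of band. The `scli` options are the ones shown in the steps above.

```shell
#!/usr/bin/env bash
# Added example (not Dell's code): verify a copied root CA file before trusting it.
# SCLI can be overridden so the logic can be exercised without an MDM.
SCLI="${SCLI:-scli}"

# Print the lowercase SHA-256 digest of a file. Run this on the source system
# right after "scli --extract_root_ca" and hand the value to the peer admin.
ca_digest() {
    sha256sum -- "$1" | awk '{print tolower($1)}'
}

# add_peer_ca <certificate_file> <expected_sha256> <comment>
# Returns 0 if the certificate was added, 2 on bad input, 3 on digest mismatch.
add_peer_ca() {
    local file="$1" expected="$2" comment="$3" actual
    if [ ! -s "$file" ]; then
        echo "refusing: $file is missing or empty" >&2
        return 2
    fi
    # Normalise the digest as it was read out (spaces, colons, upper case).
    expected="$(printf '%s' "$expected" | tr -d ' :\n' | tr 'A-F' 'a-f')"
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "refusing: expected value is not a SHA-256 digest" >&2
        return 2
    fi
    actual="$(ca_digest "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "refusing: digest mismatch for $file (got $actual)" >&2
        return 3
    fi
    # Step 3 of the procedure, reached only after the file is verified.
    "$SCLI" --add_trusted_ca --certificate_file "$file" --comment "$comment"
}
```

Run `ca_digest <FILE_NAME>` on the system where the certificate was extracted, then `add_peer_ca <FILE_NAME> <digest> <COMMENT>` on the peer after the copy, and repeat in the other direction.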

SDR to SDC Authentication

In addition, Challenge-Handshake Authentication Protocol (CHAP) is used for authentication between the SDRs of each peer system within each Protection Domain. This authentication is bidirectional. The authentication is at the network level. If authentication fails, the network socket is not created and there is no connection between the two SDRs. This also determines the authorization of an SDR to write to its target volumes on the peer system.

NOTE: Access to a remote SDR does not grant access to the volumes maintained by the remote SDR unless they are determined as replicated by the source SDR.
