Access control settings are used to protect resources against unauthorized access.
The following access control settings are supported:
MDM:
User roles and passwords are needed to access the MDM. User roles with different access permissions can be assigned to users. Both local and LDAP authentication are supported. For more information, see "User Management" in the
Configure and Customize Dell PowerFlex.
Limited MDM access mode—a system can be configured to allow read-only access to the MDM by remote clients. In this mode, only local users connecting to the MDM using the IP address 127.0.0.1 have full configuration privileges.
Restricted SDC mode—a system can be configured to only allow approved SDCs to connect to the MDM. This mode forces you to map volumes only to SDCs which have been previously approved by the user, by configuring them using their GUID. To increase security, you can specify that only SDCs with preconfigured IP addresses can communicate with the MDM. For more information, see the
Configure and Customize Dell PowerFlex.
SSL authentication of internal components to the MDM—allows secure authentication of
PowerFlex SDS components to the MDM using a Public and Private Key (Key-Pair) associated with a certificate. The trust is established when adding the SDS, and reconnecting will require reauthentication.
Secure connectivity with external components—allows external components to authenticate the MDM with a certificate and authenticate back to the MDM with a username and password. After authentication, communication between the MDM and external components is performed using TLS (Transport Layer Security) protocols. External components include:
PowerFlex Installer client,
PowerFlex CLI client,
PowerFlex GUI client, vSphere plug-in, and
PowerFlex Gateway. The same method is used between the
PowerFlex Installer client and LIAs.
An RSA Lockbox is used to store MDM credentials on the
PowerFlex Gateway. These credentials are required for authentication purposes by the SNMP trap sender and ESRS.
PowerFlex can be used to run user-provided scripts on servers hosting MDM or SDS components. This feature is supported on Linux-based nodes only. This feature can be used for any purpose external to the
PowerFlex system, such as running a set of Linux shell commands, patching an operating system, and more. The feature allows the running of scripts in a safe manner, both from a security and a data integrity perspective.
PowerFlex Gateway:
Access to the
PowerFlex Gateway requires defining a dedicated user. This user may either be a local user or an LDAP user. For more information, see the
Configure and Customize Dell PowerFlex, or
Dell PowerFlex User Roles and LDAP Usage Technical Notes.
Access to the
PowerFlex Installer requires a username and password. This user may either be a local user or an LDAP user. For more information, see the
Configure and Customize Dell PowerFlex, or
Dell PowerFlex User Roles and LDAP Usage Technical Notes.
A manually generated public-private key pair can be used to perform SSH key authentication, instead of passwords, between the
PowerFlex Gateway and
PowerFlex servers.
LDAP support for the
PowerFlex Gateway and the
PowerFlex Installer now includes up to 8 LDAP servers.
LIA:
PowerFlex Installer /
PowerFlex Gateway access to the LIA may be restricted to predefined IP addresses, by configuring the list of trusted IP addresses in the file:
Access to the LIA can use local authentication or LDAP authentication, with up to 8 LDAP servers.
REST API:
REST authenticates user access, using the
gatewayAdminPassword and
mdmPassword (for more information, see the
PowerFlex REST API Reference Guide).
REST authenticates user access, using the
AMSAdminPassword (for more information, see the
VxFlex Ready Node REST API Reference Guide).
REST feature enabler—access to the REST gateway can be blocked by configuring the
gatewayUser.properties file located on the
PowerFlex Gateway. The feature is enabled by default. For detailed information, see "Configuring the
PowerFlex Gateway by editing the user properties file", in the
Dell PowerFlex REST API Reference Guide.
SNMP:
SNMP—the SNMP trap sender can be enabled or disabled using one of the methods listed below. The feature is disabled by default. For detailed information, see the
Configure and Customize Dell PowerFlex.
During deployment (on Linux and Windows only)
Configuring the
gatewayUser.properties file located on the
PowerFlex Gateway.
Using the REST API
NOTE: OpenSSL 64-bit v1.0.2k-2l or v1.1.1i or higher is required for secure authentication. In Linux, this version of OpenSSL is only supported in CentOS and RHEL 6.5 or higher.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\