- Notes, cautions, and warnings
- Preface
- Introduction
- Access Control
- Access control settings
- Security for management access
- Authentication
- Authorization
- Component access controls
- Data security settings
- Password policy
- Physical security controls
- Login banner and message of the day
- Logging
- Communication Security
- Communication security settings
- Port usage
- Ports used by Unisphere components on VNX for block
- How VNX for file works on the network
- Network encryption
- Management support for TLS communications on VNX2 systems
- SSL certificates
- Planning considerations for Public Key Infrastructure on VNX for file
- IP packet reflect on VNX for file systems
- Effect of filtering management network
- vSphere Storage API for Storage Awareness (VASA) support
- Special configurations
- Secure Remote Procedure Call
- Other security considerations
- Data Security Settings
- Data at Rest Encryption overview
- Data at Rest Encryption feature activation
- Encryption status
- Backup keystore file
- Data in place upgrade
- Hot spare operations
- Adding a disk drive to a VNX with encryption activated
- Removing a disk drive from a VNX with encryption enabled
- Replacing a chassis and SPs from a VNX with encryption enabled
- Security Maintenance
- Advanced Management Capabilities
- Secure deployment and usage settings
- TLS cipher suites
- LDAP-based directory server configuration
- VNX for file CLI role-based access
- VNX for file CLI security configuration operations
- Configuring password policy
- Configuring session timeout
- Protect session tokens
- Configuring network encryption and authentication using the SSL protocol
- Configuring PKI
- Creating the certificate provided by the persona
- Using the Control Station as the CA
- Obtaining CA certificates
- Generate a key set and certificate request
- Send the certificate request to the CA
- Import a CA-signed certificate
- List the available CA certificates
- Acquire a CA certificate
- Import a CA certificate
- Generate a new Control Station CA certificate
- Display the certificate
- Distribute the Control Station CA certificate
- Request and Install Customer-Supplied Certificates for Control Station
- Managing PKI
- Customize a login banner
- Create a MOTD
- Restrict anonymous root login
- Locking accounts after a specific number of failed logins
- VNX for block SSL certificate import
EMC® VNX® Series Security Configuration Guide for VNX
Authentication with LDAP or Active Directory
The storage management server can authenticate users against directory servers, such as Active Directory (Active Directory is Microsoft's directory server), using LDAP or LDAPS. Authentication against an LDAP server simplifies management because you do not need a separate set of credentials for VNX storage system management. It is also more secure because enterprise password policies can be enforced identically for the storage environment and the server environment.
Managing an LDAP Domain (file/unified and block)
In a VNX domain, the same LDAP server is used for both file/unified and block setup. To manage an LDAP domain, log in to Unisphere and use All Sysems > Domains > Users (task list) > Manage LDAP Domain to define server connections, accept or validate the related certificates, and map user group roles. As an alternative method, you can select a system, and then use Settings > Security Settings (task list) > Manage LDAP Domain. After this one-time setup, logins to Unisphere or CLI can be authenticated with an LDAP account. For more information about how to set up connection to an LDAP server, refer to the Unisphere online help.
Managing an LDAP Domain (gateway)
To manage an LDAP configuration for a VNX gateway system, log in to Unisphere and select your system, and then use Settings > Security Settings (task list) > Manage LDAP Domain to configure the Control Station so it can access the LDAP-based directory server. For more information about how to set up connection to an LDAP server, refer to the Unisphere online help.
After this one-time setup, where Unisphere is configured with connection information for the LDAP server and Unisphere roles are mapped to LDAP groups, logins to Unisphere or CLI can be authenticated with an LDAP account. For a VNX gateway system, LDAP configuration information is specific to the VNX gateway system and is not replicated to any other system.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\