User authentication, Controlling user role – HP XP P9500 Storage User Manual


When executing a command using the in-band method, set an LU path in a configuration definition
file and create a command device. The command device in the storage system specified by the
LU path accepts the command from the client, and executes the operation instruction.

When executing a command using the out-of-band method, create a virtual command device. The
virtual command device is created by specifying an IP address of the SVP, a UDP communication
port number, and a storage system unit number in the configuration definition file.

See ??? for details of the contents to be defined to HORCM_CMD.

User authentication

RAID Manager allows user authentication by using the user information managed by Remote Web
Console and the SVP.

User authentication is optional for Replication operations in the in-band method, but it is
mandatory for configuration information operations and for the out-of-band method.

To enable the user authentication function, the user authentication mode of the command device
accessed by RAID Manager must be enabled.

With the user authentication function, a login command is entered from the client (server). To
check the user ID and password sent from RAID Manager against the same information maintained
by the storage system, an authentication request is issued to the authentication module (SVP).

If the user ID and password sent from RAID Manager are authenticated, RAID Manager stores the
user ID and password for the authenticated user (the user on the client starting up RAID Manager).
This removes the need to enter the user ID and password each time a command is executed. If the
user logs out, the user ID and password stored by RAID Manager are deleted.

If the user ID and password are different, the command is rejected, RAID Manager automatically
performs the logout processing, and the user authentication processing (user ID and password
input) is required again.

NOTE:

The only function that can be used if the user authentication function is disabled is the
Replication function (replication command). If the user authentication function is disabled, the
Provisioning function (configuration setting command) cannot be used.

If specific user information or authority information is changed, delete the user ID and password
maintained by the storage system from the SVP. Then perform the user authentication
processing on RAID Manager again.

If communication with the SVP cannot be performed in the out-of-band method, new
authentication cannot be performed.
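
The following audit sketch is an added example, not code from the manual or from RAID Manager. It reads the HORCM_CMD section of a configuration definition file, classifies each command device as in-band or out-of-band, and applies the rule above on when user authentication is mandatory. The `\\.\IPCMD-<SVP IP>-<UDP port>[-<unit number>]` and `\\.\CMD-...` entry forms are assumptions, because this page does not show the HORCM_CMD syntax; the sample file is constructed.

```python
import re

# Constructed sample file: addresses, serial number and paths are placeholders.
SAMPLE_CONF = r"""
HORCM_MON
localhost    31000    1000    3000

HORCM_CMD
#dev_name
\\.\CMD-64015:/dev/rdsk/*
\\.\IPCMD-192.0.2.10-31001
\\.\IPCMD-192.0.2.11-31001-1
\\.\IPCMD-192.0.2.12

HORCM_LDEV
"""

IPCMD_PREFIX = "\\\\.\\IPCMD-"
# Assumed form: \\.\IPCMD-<SVP IPv4 address>-<UDP port>[-<unit number>]
IPCMD = re.compile(r"^\\\\\.\\IPCMD-(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,5})(?:-(\d+))?$")

def command_devices(conf_text):
    """Classify every HORCM_CMD entry as in-band, out-of-band or invalid."""
    entries, in_cmd = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("HORCM_"):          # section header
            in_cmd = line == "HORCM_CMD"
            continue
        if not in_cmd:
            continue
        for dev in line.split():
            m = IPCMD.match(dev)
            if m and 0 < int(m.group(2)) <= 65535:
                unit = int(m.group(3)) if m.group(3) else None
                entries.append({"device": dev, "method": "out-of-band",
                                "svp_ip": m.group(1), "udp_port": int(m.group(2)), "unit": unit})
            elif dev.startswith(IPCMD_PREFIX):  # malformed virtual command device
                entries.append({"device": dev, "method": "invalid"})
            else:
                entries.append({"device": dev, "method": "in-band"})
    return entries

def auth_required(method, operation):
    """Mandatory for out-of-band access and for configuration operations;
    optional only for in-band replication (rule as stated in the text)."""
    return method == "out-of-band" or operation == "configuration"
```

Entries reported as out-of-band identify the SVP address and UDP port that must be reachable for a new login, and entries reported as invalid would otherwise be mistaken for in-band devices.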

Command operation authority and user authentication

If RAID Manager is operated with the user authentication function enabled, commands are executed
complying with the operation authority managed by Remote Web Console and the SVP.

Controlling User Role

RAID Manager verifies whether the user executing the command on the host has already been
authenticated by checking whether the command device is in the authentication mode. After that,
RAID Manager obtains the execution authority of the command that is configured on the user role,
and then compares the relevant command with the execution authority.
