Dell EMC Storage Systems Security Configuration Guide for the metro node appliance 7.
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
1 Metro node overview

Metro node virtualizes the data that is on storage arrays to create dynamic, distributed, and highly available data centers. Use metro node to:

● Move data non-disruptively between Dell EMC storage arrays and non-Dell EMC storage arrays without any downtime for the host. Metro node moves data transparently, and the virtual volumes retain the same identities and the same access points to the host. There is no need to reconfigure the host.
● Replace your tedious data movement and technology refresh processes with metro node’s patented simple, frictionless two-way data exchange between locations.
● Create an active-active configuration for the active use of resources at both sites.
● Provide instant access to data between data centers. Metro node allows simple, frictionless two-way data exchange between locations.
● Combine metro node with virtual servers to enable private and hybrid cloud computing.
2 Security recommendations

While the Security Configuration Guide must be reviewed in its entirety, this section summarizes the most important security recommendations from Dell EMC for ensuring the security of your data and environment.

● Given the elevated permissions that are granted to the service account, its password must be changed to better protect metro node from misuse or abuse of those privileges.
3 Security configuration settings

This section provides an overview of user accounts and privileges.

Topics:
• User roles, accounts, and privileges

User roles, accounts, and privileges

Table 1. Metro node user accounts and privileges

Component: Metro node
Account Type: service
Default password: -
Privileges:
● Access to the metro node management server desktop, VPlexcli, and Unisphere for metro node UI.
● Run permissions for VPlexcli related scripts.
● Ability to run VPlexcli commands.
4 Configuring user authentication

Metro node customers can choose to configure their user accounts using either:

● An external OpenLDAP or Active Directory server which integrates with UNIX using Service for UNIX 3.5, Identity Management for UNIX, or other authentication service. OpenLDAP and Active Directory users are authenticated by the server. Usernames and passwords that are created on an external server are fetched from the remote system to the metro node system each time they are used.
NOTE: If you do not have shell access, you can only access a single directory when uploading and downloading files.

LDAP/AD user authentication

To give LDAP/AD users access to metro node, see the Authenticate Service Directory document available in SolVe.
5 Manage user accounts

Topics:
• Adding user accounts
• View user account details
• Changing passwords
• Resetting passwords
• Deleting user accounts

Adding user accounts

About this task

NOTE: In a metro node Metro configuration, metro node CLI accounts created on one management server are not propagated to the second metro node management server. The user list command displays only those accounts that are configured on the local metro node management server, not those on both servers.
Changing passwords

Any user can change his/her own password as follows:

Steps

1. Launch PuTTY (or a similar SSH client), and establish a connection to the public IP address of the metro node management server.
2. Log in with the applicable username.
3. From the Linux shell prompt, type this command to connect to the VPlexcli:
   vplexcli
4. Log in with username admin.
5. From the VPlexcli prompt, type the following command:
   user passwd -u username
   a. When prompted, type the old password.
   b.
5. From the VPlexcli prompt, type the following command:
   user remove -u username
   When prompted, type the admin account password.
6 Log file settings

This section describes log files relevant to security.

Log file location

Table 2 lists the name and location of metro node component log files relevant to security.

Table 2. Metro node component log files

Component: Unisphere for metro node
Location: /var/log/VPlex/cli/session.log_username

Component: Software management server
Location: /var/log/messages

Component: Firewall
Location: /var/log/firewall

Log file management and retrieval

All logs rotate automatically, to avoid unbounded consumption of disk space.
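
Because CLI session logs are written per user (session.log_username), they can be checked against the accounts you expect on a management server. The script below is an added example, not Dell EMC code: the function names, the accounts file, and the rule that everything after "session.log_" is the account name are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Added example, not Dell EMC code. Assumption: everything after the
# "session.log_" prefix in a file name is the account name.

# session_log_users LOGDIR
# Print the unique account names that have a CLI session log in LOGDIR.
session_log_users() {
    for f in "$1"/session.log_*; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=${f##*/}                      # strip the directory part
        printf '%s\n' "${name#session.log_}"
    done | sort -u
}

# unexpected_session_users LOGDIR ACCOUNTS_FILE
# Print accounts that have a session log but are absent from ACCOUNTS_FILE
# (hypothetical file: one expected account name per line; blank lines and
# lines starting with # are ignored).
unexpected_session_users() {
    expected=$(mktemp) || return 1
    sed -e '/^[[:space:]]*$/d' -e '/^#/d' "$2" | sort -u > "$expected"
    # comm -23 keeps lines that appear only in the first (log-derived) list.
    session_log_users "$1" | comm -23 - "$expected"
    rm -f "$expected"
}

# Demo on constructed sample data (not taken from a real system).
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/session.log_service" "$d/session.log_admin" \
          "$d/session.log_tempuser"
    printf '%s\n' '# accounts expected on this management server' \
        service admin > "$d/accounts.txt"
    unexpected_session_users "$d" "$d/accounts.txt"
    rm -rf "$d"
}

demo   # prints: tempuser
```

On a management server, the log directory would be /var/log/VPlex/cli, and the accounts file would be prepared by hand from the local user list output, whose format is not shown in this guide.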
7 Communication security settings

This section describes the communication security settings that enable you to establish secure communication channels between metro node components, and between metro node components and external systems.

Topics:
• IP WAN COM

IP WAN COM

A metro node Metro system does not support native encryption over an IP WAN-COM link.