Reference Guide
Table Of Contents
- Dell EMC PowerStore Security Configuration Guide
- Contents
- Additional Resources
- Authentication and access
- Hardware root of trust
- Authenticating and Managing User Accounts, Roles, and Privileges
- Certificates
- Secure communication between PowerStore appliances within a cluster
- Secure communication for replication and data import
- vSphere Storage API for Storage Awareness support
- CHAP authentication
- Configuring CHAP
- External SSH access
- Configuring external SSH access
- NFS secure
- Security on file system objects
- File systems access in a multiprotocol environment
- Understanding Common AntiVirus Agent (CAVA)
- Code signing
- Communication security settings
- Auditing
- Data security settings
- Secure serviceability settings
- Operational description of SupportAssist
- SupportAssist options
- SupportAssist Connect via Gateway option
- SupportAssist Connect Directly option
- Requirements for SupportAssist Connect via Gateway
- Requirements for SupportAssist Connect Directly
- Configuring SupportAssist
- Configure SupportAssist
- CloudIQ
- Cybersecurity
- Security Alert Settings
- TLS cipher suites
- Directory Services
After you configure LDAP settings for the system, you can manage users and user groups, within the context of an
established LDAP directory structure. For instance, you can assign access roles (Administrator, Storage Administrator, Security
Administrator, Operator, VM administrator) to the LDAP user or groups. The role applied will determine the level of authorization
the user or group will have in administering the storage system. The system uses the LDAP settings only for facilitating control
of access to PowerStore Manager, RESTful API or CLI, not for access to storage resources.
Factory default management
Your appliance comes with factory default user account settings to use when initially accessing and configuring the appliance.
During initial configuration, the default passwords must be changed so that the system can become fully operational. The
password change is set before the cluster is created.
NOTE: With releases 1.0.x, it is recommended that you initially configure PowerStore using PowerStore Manager rather
than using the API, CLI, or Service Scripts interfaces. It ensures that all the default passwords are changed. With releases
2.x, the default passwords must be changed during initial configuration, however, the API, CLI, or Service Scripts interfaces
can be used as well as PowerStore Manager.
Table 1. Factory default user account settings
Account type Username Password Privileges
System management
admin Password123#
Administrator privileges used to reset default
passwords, configuring appliance settings, and
managing user accounts.
Service
service service
Used to perform service operations.
NOTE: The service user exists for secure
shell (SSH) access. However, you cannot log
in to PowerStore Manager using the service
user.
Session rules
Sessions on the cluster have the following characteristics:
● Expiration term of one hour.
NOTE: User is automatically logged off the cluster after session inactivity of one hour.
● The session timeout is not configurable.
Username and password usage
NOTE:
The appliance does not manage LDAP user passwords. LDAP user password management can only be done by the
LDAP directory server.
System account usernames must meet the following requirements:
Restriction
Username requirement
Structure Must start and end with an alphanumeric character.
Case All usernames are case-insensitive
Minimum number of alphanumeric characters 1
Maximum number of alphanumeric characters 64
Supported special characters . (dot)
System account passwords must meet the following requirements:
Authentication and access
7