User Authentication
Internal Authentication and External Authentication are available as logon authentication methods. RADIUS
authentication can be used for External Authentication.
●
Internal Authentication
Internal Authentication is performed using the authentication function of the ETERNUS DX.
The following authentication functions are available when the ETERNUS DX is connected via a LAN using
operation management software.
•
User account authentication
User account authentication uses the user account information that is registered in the ETERNUS DX to
verify user logins. Up to 60 user accounts can be set to access the ETERNUS DX. Specifying a user policy
(Password Policy and Lockout Policy) for user accounts can strengthen the security of user account
authentications.
•
SSL authentication
ETERNUS Web GUI and SMI-S support HTTPS connections using SSL/TLS. Since data on the network is
encrypted, security can be ensured. Server certifications that are required for connection are automatically
created in the ETERNUS DX.
•
SSH authentication
Since ETERNUS CLI supports SSH connections, data that is sent or received on the network can be
encrypted. The server key for SSH varies depending on the ETERNUS DX. When the server certification is
updated, the server key is updated as well.
Password authentication and client public key authentication are available as authentication methods for
SSH connections.
The supported client public keys are shown below.
Table 41
Client Public Key (SSH Authentication)
Type of public key
Complexity (bits)
IETF style DSA for SSH v2
1024, 2048, and 4096
IETF style RSA for SSH v2
1024, 2048, and 4096
●
External Authentication
External Authentication uses the user account information (username, password, and role name) that is
registered on an external authentication server. RADIUS authentication is used to authenticate logins to
ETERNUS Web GUI or ETERNUS CLI and to authenticate connections to the ETERNUS DX via a LAN using
operation management software.
•
RADIUS authentication
RADIUS authentication uses the Remote Authentication Dial-In User Service (RADIUS) protocol to
consolidate authentication information for remote access.
An authentication request is sent to the RADIUS authentication server that is outside the ETERNUS system
network. The authentication method can be selected from CHAP and PAP. Two RADIUS authentication
servers (the primary server and the secondary server) can be connected to distribute user account
information and to create a redundant configuration. When the primary RADIUS server failed to
authenticate, the secondary RADIUS server attempts to authenticate.
2. Basic Functions
User Access Management
90
Design Guide
Summary of Contents for ETERNUS DX S5 Series
Page 335: ......