User Authentication
Internal Authentication and External Authentication are available as logon authentication methods. RADIUS
authentication can be used for External Authentication.
●
Internal Authentication
Internal Authentication is performed using the authentication function of the ETERNUS AF.
The following authentication functions are available when the ETERNUS AF is connected via a LAN using
operation management software.
•
User account authentication
User account authentication uses the user account information that is registered in the ETERNUS AF to
verify user logins. Up to 60 user accounts can be set to access the ETERNUS AF. Specifying a user policy
(Password Policy and Lockout Policy) for user accounts can strengthen the security of user account
authentications.
•
SSL authentication
ETERNUS Web GUI and SMI-S support HTTPS connections using SSL/TLS. Since data on the network is
encrypted, security can be ensured. Server certifications that are required for connection are automatically
created in the ETERNUS AF.
•
SSH authentication
Since ETERNUS CLI supports SSH connections, data that is sent or received on the network can be
encrypted. The server key for SSH varies depending on the ETERNUS AF. When the server certification is
updated, the server key is updated as well.
Password authentication and client public key authentication are available as authentication methods for
SSH connections.
The supported client public keys are shown below.
Table 33
Client Public Key (SSH Authentication)
Type of public key
Complexity (bits)
IETF style DSA for SSH v2
1024, 2048, and 4096
IETF style RSA for SSH v2
1024, 2048, and 4096
●
External Authentication
External Authentication uses the user account information (username, password, and role name) that is
registered on an external authentication server. RADIUS authentication is used to authenticate logins to
ETERNUS Web GUI or ETERNUS CLI and to authenticate connections to the ETERNUS AF via a LAN using
operation management software.
•
RADIUS authentication
RADIUS authentication uses the Remote Authentication Dial-In User Service (RADIUS) protocol to
consolidate authentication information for remote access.
An authentication request is sent to the RADIUS authentication server that is outside the ETERNUS system
network. The authentication method can be selected from CHAP and PAP. Two RADIUS authentication
servers (the primary server and the secondary server) can be connected to distribute user account
information and to create a redundant configuration. When the primary RADIUS server failed to
authenticate, the secondary RADIUS server attempts to authenticate.
2. Basic Functions
User Access Management
77
Design Guide
Содержание ETERNUS AF S3 Series
Страница 204: ......