Table of Contents
Advertisement
Access Control
Storage system SP Ethernet service port and IPMItool
EMC Unity All Flash, EMC Unity Hybrid, EMC UnityVSA 4.0 Security Configuration Guide
16
Sessions
The storage system SSH service interface sessions are maintained according to the
settings established by the SSH client. Session characteristics are determined by the
SSH client configuration settings.
Password usage
The service account is an account that service personnel can use to perform basic
Linux commands.
The default password for the storage system service interface is service. When you
perform initial configuration for the storage system, you must change the default
service password. Password restrictions are the same as those that apply to
Unisphere management accounts (see
on the storage system service command, svc_service_password, used to manage
the password settings for the storage system service account, see the technical notes
document, Service Commands .
Authorization
As shown in
Table 7
on page 16, authorization for the service account is defined in
two ways.
Table 7 Service account authorization definitions
Authorization type Description
Linux file system
File system permissions define most of the tasks that the service
permissions
account can and cannot perform on the storage system. For example,
most Linux tools and utilities that modify system operation in any way
require superuser account privileges. Since the service account does
not have such access rights, the service account cannot use Linux
tools and utilities to which it does not have execute permissions and
cannot edit configuration files that require root access to read or
modify, or both.
Access control lists
The ACL mechanism on the storage system uses a list of very specific
(ACLs)
rules to explicitly grant or deny access to system resources by the
service account. These rules specify service account permissions to
other areas of the storage system that are not otherwise defined by
standard Linux file system permissions.
Storage system service commands
A set of problem diagnostic, system configuration, and system recovery commands
are installed on the storage system's operating environment (OE). These commands
provide an in-depth level of information and a lower level of system control than is
available through Unisphere. The technical notes document, Service Commands ,
describes these commands and their common use cases.
Your storage system provides console access over an Ethernet service port that is on
each SP. This access requires the use of the IPMItool. The IPMItool is a network tool
similar to ssh or telnet that interfaces with each SP over an Ethernet connection by
using the IPMI protocol. The IPMItool is a Windows utility that negotiates a secure
communication channel to access the SP console of a storage system. This utility
requires login credentials and an IP address to activate the console. For more
information about the IPMItool, see the IPMItool User Guide Technical Notes .
Password usage
on page 12). For information
Hide quick links:
Advertisement
Table of Contents
