More Information For Service And Upgrade Of The Storage System; Accounts And Credentials For Service And Upgrade; Time-Based Password (Strong Password); Encryption-Based Password (Strong Password) - HPE 3PAR StoreServ 7000 Storage Service And Upgrade Manual

Customer edition

Hide thumbs Also See for 3PAR StoreServ 7000 Storage:

Software user's manual (73 pages)

Customer self install manual (104 pages)

Service and upgrade manual (174 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

Table of Contents

More information for service and upgrade of

the storage system

Accounts and credentials for service and upgrade

IMPORTANT:

There are separate accounts for access to the storage system or the service processor. The

account options and type of password vary based on the version of the software installed for the

storage system and the version of the software installed on the service processor.

•

Beginning with HPE 3PAR SP 5.x for the service processor, time-based or encryption-based

passwords are implemented for the support accounts used with the SP.

•

Beginning with HPE 3PAR OS 3.2.2 for the storage system, time-based or encryption-based

passwords are implemented for the support accounts used with the storage system.

Time-based password (strong password)

With the time-based password option, the Hewlett Packard Enterprise Support person or authorized

service provider can acquire the account password when needed without the involvement of the

administrator. The time-based password is generated using strong cryptographic algorithms and large key

sizes, is valid for 60 minutes, and is automatically regenerated at the start of each hour.

During the service, upgrade, or diagnostic procedure, the account password remains active until logging

out of the account, even if 60 minutes is exceeded. During the procedure, if it is necessary to log out of

the account and then log back in to the account (for example, closing the session or rebooting a

Controller Node), do either of the following:

•

Within the same hour, use the same password.

•

If a new hour has started, obtain a newly generated password.

Encryption-based password (strong password)

With the encryption-based (ciphertext) password option, the administrator initiates the generation or

regeneration of account ciphertext that is copied and provided to the authorized service provider. The

authorized service provider decrypts the ciphertext to obtain the account password that they will use for

the service, upgrade, or diagnostic procedure. The password does not expire. After the service, upgrade,

or diagnostic procedure is completed, the administrator may regenerate a new ciphertext to make the

current password invalid. Only the administrator initiates the generation or regeneration of the account

ciphertext for a new password.

HPE 3PAR Service Processor accounts for service and upgrade

For access to the HPE 3PAR Service Processor (SP) interfaces, there are the following account options

for the administrator or for Hewlett Packard Enterprise Support personnel and authorized service

providers. Based on the account, there are differences in the access it provides to the HPE 3PAR SP

interfaces, the type of password options, and the permissions associated with the account.