1.
Function
User Access Management
User Authentication
Internal Authentication and External Authentication are available as logon authentication methods. RADIUS au-
thentication can be used for External Authentication.
The user authentication functions described in this section can be used when performing storage management
and operation management, and when accessing the ETERNUS AF via operation management LAN.
●
Internal Authentication
Internal Authentication is performed using the authentication function of the ETERNUS AF.
The following authentication functions are available when the ETERNUS AF is connected via a LAN using opera-
tion management software.
User account authentication
•
User account authentication uses the user account information that is registered in the ETERNUS AF to verify
user logins. Up to 60 user accounts can be set to access the ETERNUS AF.
SSL authentication
•
ETERNUS Web GUI and SMI-S support HTTPS connections using SSL/TLS. Since data on the network is encrypted,
security can be ensured. Server certifications that are required for connection are automatically created in the
ETERNUS AF.
SSH authentication
•
Since ETERNUS CLI supports SSH connections, data that is sent or received on the network can be encrypted.
The server key for SSH varies depending on the ETERNUS AF. When the server certification is updated, the serv-
er key is updated as well.
Password authentication and client public key authentication are available as authentication methods for SSH
connections.
The supported client public keys are shown below.
Table 27 Client Public Key (SSH Authentication)
Type of public key
IETF style DSA for SSH v2
IETF style RSA for SSH v2
●
External Authentication
External Authentication uses the user account information (user name, password, and role name) that is regis-
tered on an external authentication server. RADIUS authentication supports ETERNUS Web GUI and the ETERNUS
CLI login authentication for the ETERNUS AF, and authentication for connections to the ETERNUS AF through a
LAN using operation management software.
•
RADIUS authentication
RADIUS authentication uses the Remote Authentication Dial-In User Service (RADIUS) protocol to consolidate
authentication information for remote access.
An authentication request is sent to the RADIUS authentication server that is outside the ETERNUS system net-
work. The authentication method can be selected from CHAP and PAP. Two RADIUS authentication servers (the
primary server and the secondary server) can be connected to balance user account information and to create
a redundant configuration. When the primary RADIUS server failed to authenticate, the secondary RADIUS
server attempts to authenticate.
FUJITSU Storage ETERNUS AF250 S2, ETERNUS AF250 All-Flash Arrays Design Guide (Basic)
Copyright 2019 FUJITSU LIMITED
Complexity (bits)
1024, 2048, and 4096
1024, 2048, and 4096
73
P3AG-1822-09ENZ0