2.
Basic Functions
User Access Management
User Authentication
Internal Authentication and External Authentication are available as logon authentication methods.
RADIUS authentication can be used for External Authentication.
The user authentication functions described in this section can be used when performing storage
management and operation management, and when accessing the ETERNUS DX via operation
management LAN.
●
Internal Authentication
Internal Authentication is performed using the authentication function of the ETERNUS DX.
The following authentication functions are available when the ETERNUS DX is connected via a LAN
using operation management software.
•
User account authentication
User account authentication uses the user account information that is registered in the ETERNUS
DX to verify user logins. Up to 60 user accounts can be set to access the ETERNUS DX.
SSL authentication
•
ETERNUS Web GUI and SMI-S support HTTPS connections using SSL/TLS. Since data on the net-
work is encrypted, security can be ensured. Server certifications that are required for connection
are automatically created in the ETERNUS DX.
SSH authentication
•
Since ETERNUS CLI supports SSH connections, data that is sent or received on the network can
be encrypted. The server key for SSH varies depending on the ETERNUS DX. When the server
certification is updated, the server key is updated as well.
Password authentication and client public key authentication are available as authentication
methods for SSH connections.
The supported client public keys are shown below.
Table 25 Client Public Key (SSH Authentication)
Type of public key
IETF style DSA for SSH v2
IETF style RSA for SSH v2
●
External Authentication
External Authentication uses the user account information (user name, password, and role name)
that is registered on an external authentication server. RADIUS authentication supports ETERNUS
Web GUI and the ETERNUS CLI login authentication for the ETERNUS DX, and authentication for
connections to the ETERNUS DX through a LAN using operation management software.
RADIUS authentication
•
RADIUS authentication uses the Remote Authentication Dial-In User Service (RADIUS) protocol to
consolidate authentication information for remote access.
An authentication request is sent to the RADIUS authentication server that is outside the ETER-
NUS system network. The authentication method can be selected from CHAP and PAP. Two RA-
DIUS authentication servers (the primary server and the secondary server) can be connected to
balance user account information and to create a redundant configuration. When the primary RA-
DIUS server failed to authenticate, the secondary RADIUS server attempts to authenticate.
Fujitsu Storage ETERNUS DX100 S4/DX200 S4, ETERNUS DX100 S3/DX200 S3 Hybrid Storage Systems Design Guide (Basic)
Complexity (bits)
1024, 2048, and 4096
1024, 2048, and 4096
72
Copyright 2023 Fujitsu Limited
P3AM-7642-32ENZ0