Remote authentication
Remote authentication allows users to authenticate to the system that uses credentials that are stored on an external authentication service. When you configure remote authentication, you do not need to configure users on the system or assign more passwords. Instead, you can use your existing passwords and user groups that are defined on the remote service to simplify user management and access to enforce password policies more efficiently, and to separate user management from storage management.
- LDAP server.
- Copy Services Manager (CSM) as a proxy for an LDAP server.
- Multi-factor authentication (MFA) with RSA SecurID Authentication Manager.
- Multi-factor authentication with Direct LDAP+RSA SecurID Authentication Manager.
Remote authentication with LDAP
- LDAP server name and port number.
- User and groups base for Distinguished Name (DN) lookup.
- A bind user DN and password if Simple authentication is used.
- Username attribute for logging in.
- Group name attribute and group membership attribute.
You can export and import a file that contains the configuration settings for a remote authentication policy that uses a direct LDAP connection.
The IBM® LDAP Authentication for IBM DS8000 Systems Redbooks at https://www.redbooks.ibm.com/abstracts/redp5460.html provides additional information on remote authentication with LDAP.
Remote authentication with Copy Services Manager
For remote authentication, you can use the HMC embedded CSM instance or a CSM instance that is installed on an independent distributed server. The IBM Copy Services Manager Implementation Guide Redbooks at https://www.redbooks.ibm.com/abstracts/sg248375.html provides additional information on Copy Services Manager.
Remote authentication with multi-factor authentication- RSA SecurID Authentication Manager
In remote authentication with MFA, the verification of all authentication factors is delegated to the MFA server. The supported system is RSA SecurID Authentication Manager.
Remote authentication with multi-factor authentication- Direct LDAP+RSA SecurID Authentication Manager
In remote authentication with a direct connection to LDAP server and RSA SecurID Authentication Manager, the DS8000® is configured for the first factor authentication on an LDAP server and the second factor authentication on the MFA server.
To configure DS8000 storage system for remote authentication, see the topic titled Using remote authentication in the latest version of DS8900 documentation.