EMC Celerra Version 5.6 Technical Primer: Control Station Password Complexity Policy Technology Concepts and Business Considerations



Similar documents
EMC Celerra Version 5.6 Technical Primer: Public Key Infrastructure Support

Using Windows Administrative Tools on VNX

EMC Celerra Network Server

Installing Management Applications on VNX for File

EMC ViPR Controller. Version 2.4. User Interface Virtual Data Center Configuration Guide REV 01 DRAFT

Domain Management with EMC Unisphere for VNX

SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR EROOM

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

NTP Software File Auditor for NAS, EMC Edition

Isilon OneFS. Version 7.2. OneFS Migration Tools Guide

Isilon OneFS. Version OneFS Migration Tools Guide

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

Using Group Policy to Manage and Enforce ACL on VNX for File P/N REV A01 February 2011

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N REV A01 January 14, 2011

Replicating VNXe3100/VNXe3150/VNXe3300 CIFS/NFS Shared Folders to VNX Technical Notes P/N h REV A01 Date June, 2011

Configuring Load Balancing for EMC ViPR SRM

eg Enterprise v5.2 Clariion SAN storage system eg Enterprise v5.6

Greenplum Database (software-only environments): Greenplum Database (4.0 and higher supported, or higher recommended)

EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager

NTP Software File Reporter Analysis Server

How To Configure Vnx (Vnx) On A Windows-Only Computer (Windows) With A Windows 2.5 (Windows 2.2) (Windows 3.5) (Vnet) (Win

EMC Backup and Recovery for Microsoft SQL Server 2008 Enabled by EMC Celerra Unified Storage

EMC DOCUMENTUM xplore 1.1 DISASTER RECOVERY USING EMC NETWORKER

Security Configuration Guide P/N Rev A05

EMC VNX Series: Introduction to SMB 3.0 Support

Technical Notes P/N Rev 01

EMC VoyenceControl Integration Module. BMC Atrium Configuration Management Data Base (CMDB) Guide. version P/N REV A01

SMTP POP3 SETUP FOR EMC DOCUMENTUM eroom

Integration Module for BMC Remedy Helpdesk

Version 9. Active Directory Integration in Progeny 9

REMOTE KEY MANAGEMENT (RKM) ENABLEMENT FOR EXISTING DOCUMENTUM CONTENT SERVER DEPLOYMENTS

Remote Installation of VMware ESX Server Software Using Dell Remote Access Controller

IBM WEBSPHERE LOAD BALANCING SUPPORT FOR EMC DOCUMENTUM WDK/WEBTOP IN A CLUSTERED ENVIRONMENT

Deploying EMC Documentum WDK Applications with IBM WebSEAL as a Reverse Proxy

EMC Data Protection Search

Configuration Guide. SafeNet Authentication Service AD FS Agent

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

EMC UNISPHERE FOR VNXe: NEXT-GENERATION STORAGE MANAGEMENT A Detailed Review

Configuring Celerra for Security Information Management with Network Intelligence s envision

Importing data from Linux LDAP server to HA3969U

EMC Symmetrix Data at Rest Encryption

EMC Documentum Content Management Interoperability Services

DEPLOYING WEBTOP 6.8 ON JBOSS 6.X APPLICATION SERVER

Data Collection Agent for NAS EMC Isilon Edition

XMS FULLY AUTOMATED PROVISIONING: SERVER CONFIGURATION AND QUICK START GUIDE

EMC Data Domain Management Center

EMC NetWorker. Licensing Guide. Release 8.0 P/N REV A01

Enterprise Deployment of the EMC Documentum WDK Application

EMC CLARiiON Secure Remote Support Solutions Technical Notes P/N REV A03 October 5, 2010

DEPLOYING EMC DOCUMENTUM BUSINESS ACTIVITY MONITOR SERVER ON IBM WEBSPHERE APPLICATION SERVER CLUSTER

EMC Documentum Connector for Microsoft SharePoint

Acronis Storage Gateway

TelePresence Migrating TelePresence Management Suite (TMS) to a New Server

Data Collection Agent for Active Directory

EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, Symmetrix Management Console, and VMware vcenter Converter

EMC CENTERA VIRTUAL ARCHIVE

ENABLING SINGLE SIGN-ON FOR EMC DOCUMENTUM WDK-BASED APPLICATIONS USING IBM WEBSEAL ON AIX

Use QNAP NAS for Backup

EMC AVAMAR 6.0 GUIDE FOR IBM DB2 P/N REV A01 EMC CORPORATION CORPORATE HEADQUARTERS: HOPKINTON, MA

Release Notes P/N e

SolarWinds Technical Reference

IDENTITIES, ACCESS TOKENS, AND THE ISILON ONEFS USER MAPPING SERVICE

Privileged Account Access Management: Why Sudo Is No Longer Enough

NTP Software File Auditor

EMC ViPR Controller. ViPR Controller REST API Virtual Data Center Configuration Guide. Version

Symantec Data Center Security: Server Advanced v6.0. Agent Guide

How To Use Networker With Orgsap With Orgos.Org Software On A Powerbook (Orchestra) On A Networkor (Orroboron) With An Ipa (Ororor) With A Networker

Password Management Guide

IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE

File Auditor for NAS, Net App Edition

Desktop Web Access Single Sign-On Configuration Guide

NTP Software QFS for NAS, NetApp Edition Installation Guide

Secure Configuration Guide

DIGIPASS Authentication for Windows Logon Product Guide 1.1

Working with the Cognos BI Server Using the Greenplum Database

EMC Clinical Archiving

Administration Quick Start

Centrify-Enabled Samba

AX4 5 Series Software Overview

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients

Process Integrator Deployment on IBM Webspher Application Server Cluster

How To Secure An Rsa Authentication Agent

EMC Replication Manager and Kroll Ontrack PowerControls for Granular Recovery of SharePoint Items

FILE SYSTEM AUDITING WITH EMC ISILON AND EMC COMMON EVENT ENABLER

Configuring Single Sign-On for Documentum Applications with RSA Access Manager Product Suite. Abstract

PROXY SETUP WITH IIS USING URL REWRITE, APPLICATION REQUEST ROUTING AND WEB FARM FRAMEWORK OR APACHE HTTP SERVER FOR EMC DOCUMENTUM EROOM

TROUBLESHOOTING RSA ACCESS MANAGER SINGLE SIGN-ON FOR WEB-BASED APPLICATIONS

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess

Synology NAS Server Windows ADS FAQ

Audit Management for EMC Documentum Web Development Kit 6.7-based Applications

Symantec Critical System Protection Agent Guide

Syncplicity On-Premise Storage Connector

EMC VMAX3 DATA AT REST ENCRYPTION

NovaBACKUP xsp Version 15.0 Upgrade Guide

Technical Note. Performing Exchange Server Granular Level Recovery by using the EMC Avamar 7.1 Plug-in for Exchange VSS with Ontrack PowerControls

Subversion Server for Windows

Server Installation ZENworks Mobile Management 2.7.x August 2013

Plexxi Control Installation Guide Release 2.1.0

By the Citrix Publications Department. Citrix Systems, Inc.

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web Access 1.06

Transcription:

EMC Celerra Version 5.6 Technical Primer: Control Station Password Complexity Policy Technology Concepts and Business Considerations Abstract This white paper presents a high-level overview of the EMC Celerra version 5.6 feature that enables an administrator to specify the level of password complexity required for passwords set on local Control Station user accounts. September 2008

Copyright 2008 EMC Corporation. All rights reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com All other trademarks used herein are the property of their respective owners. Part Number H5774 Technology Concepts and Business Considerations 2

Table of Contents Executive summary...4 Business problem... 4 Technical problem... 4 Feature introduction... 4 What s new... 4 Introduction...4 Audience... 5 Terminology... 5 Detailed overview...5 Architecture... 5 Limitations... 5 Compatibility with earlier releases... 6 Conclusion...6 References...6 Technology Concepts and Business Considerations 3

Executive summary Efficient management of account passwords is a challenge for any organization. To maintain data security and integrity, organizations must enforce policies that require users to create complex passwords that are changed frequently. EMC Celerra Network Server version 5.6 addresses this need with the introduction of an administrator password complexity policy, which enhances Control Station security and prevents data misuse. Business problem Companies, governments, educational institutions, and other organizations are extremely concerned with maintaining the integrity of their data. This is a direct result of the increase in regulations affecting data and the ever-increasing public scrutiny, financial risk, and legal consequences caused by the loss of sensitive data. Consequently, information security policies now dictate specific password complexity requirements in an effort to ensure password quality. Such policies are important to secure both IT infrastructure and end-user systems. Technical problem IT organizations demand that the products they purchase efficiently enforce password complexity policies and expiration periods. If products do not support this feature, these organizations have no other means to enforce secure passwords. The deeper the product fits into an organization s infrastructure, the more critical it is to enforce secure passwords. Storage, of course, is a core infrastructure component. Feature introduction Celerra version 5.6 allows administrators to enforce password complexity policies for Control Station local administrative user accounts. A standard Linux mechanism is used to enforce the policy, and new tools have been implemented to manage policy configuration. What s new The Control Station password complexity feature is entirely new. Previous releases required Linux expertise to implement password complexity policies. Rather than attempt to document the complex sequence of steps required to set up these policies, the Control Station code was enhanced to introduce the nas_config CLI command, which enables administrators to set Control Station account password complexity policies. There is now a stricter default password quality policy in place. Unless the default Linux configuration has been modified, this new default password policy will be applied when you upgrade to version 5.6. The Celerra Security Configuration Guide provides more details about this policy. Introduction This paper details the new password complexity policy feature introduced in Celerra version 5.6. Topics covered include: Architecture, including default values Limitations Compatibility with older releases Technology Concepts and Business Considerations 4

Audience This white paper is intended for customers, including IT planners, storage architects, administrators, and any others involved in evaluating, acquiring, managing, operating, or designing an EMC networked storage environment. Terminology command line interface (CLI) Interface for entering commands through the Control Station to perform tasks that include the management and configuration of the database and Data Movers and the monitoring of statistics for the Celerra cabinet components. Common Interface File System (CIFS) File-sharing protocol based on the Microsoft Server Message Block (SMB). It allows users to share file systems over the Internet and intranets. Control Station Hardware and software component of the Celerra Network Server that manages the system and provides the user interface to all Celerra components. Data Mover In a Celerra Network Server, a cabinet component running its own operating system that retrieves files from a storage device and makes them available to a network client. This is also referred to as a blade. A Data Mover is sometimes internally referred to as DART because DART is the software running on the platform. Network Information Service (NIS) Distributed data lookup service that shares user and system information across a network, including usernames, passwords, home directories, groups, hostnames, IP addresses, and netgroup definitions. Detailed overview Architecture You can configure Control Station password complexity requirements with the /nas/sbin/nas_config CLI command. To do this, you must use either an interactive prompt or command line options. The Celerra Security Configuration Guide provides more details about this feature. The password complexity policy is enforced through standard Linux pluggable authentication module (PAM) mechanisms. This feature uses widely available open-source PAM modules, and not custom modules. Password changes are logged to /var/log/secure on the Control Station. The default values enforced in the new password policy are as follows: Minimum password length: Eight Minimum number of new characters (that is, those not in the previous password): Three Minimum number of digits: One Minimum number of special characters: Zero Minimum number of uppercase characters: Zero Minimum number of lowercase characters: Zero Number of attempts at setting the password before the operation fails: Three Limitations The password complexity policy does not apply to Data Mover CIFS server local accounts or Control Station NIS/yp accounts. (The use of NIS/yp on the Control Station is not recommended.) You must be logged in as the root user to set the password complexity policy. Technology Concepts and Business Considerations 5

The password complexity policy does not apply to a root user. The password complexity policy comes into effect only when a password is changed; changes to the policy do not retroactively apply to existing passwords. Celerra Manager does not support management of the password complexity policy in version 5.6. However, password complexity requirements apply to passwords set through Celerra Manager. Compatibility with earlier releases This functionality is contained within the Celerra on which it is configured, and it does not interact with other Celerras. Therefore, no compatibility concerns exist. Earlier releases use the authentication mechanisms supported in those releases. Conclusion The password complexity policy feature addresses a key business concern and significantly enhances Celerra security. It provides administrators with the tools required to protect their systems from unauthorized access. References Name: Celerra Security Configuration Guide Type: Technical Publication URL: See the Celerra Network Server Documentation CD Version 5.6 Audience: Customer Technical Depth: High Name: Celerra Network Server Command Reference Manual Type: Technical Publication URL: See the Celerra Network Server Documentation CD Version 5.6 Audience: Customer Technical Depth: High Name: nas_config man page Type: Technical Publication (Help System) URL: Run man nas_config on the CLI Audience: Customer Technical Depth: High Technology Concepts and Business Considerations 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information