Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management Upon completion of this module, you should be able to: List.

Slides:



Advertisements
Similar presentations
Copyright © 2014 EMC Corporation. All Rights Reserved. Linux Host Installation and Integration for Block Upon completion of this module, you should be.
Advertisements

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
Lesson 17: Configuring Security Policies
Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
Copyright © 2014 EMC Corporation. All Rights Reserved. Data Mover Failover Upon completion of this module, you should be able to: Data Mover Failover Test.
Module 5: Configuring Access for Remote Clients and Networks.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Administering Active Directory
Lesson 19 – ADMINISTERING WINDOWS 2000 SERVER : THE BASICS.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Copyright © 2014 EMC Corporation. All Rights Reserved. Exporting NFS File Systems to UNIX/ESXi Upon completion of this module, you should be able to: Export.
Slide 1 of 9 Presenting 24x7 Scheduler The art of computer automation Press PageDown key or click to advance.
Understanding Active Directory
VMware vCenter Server Module 4.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Implementing RADIUS AAA Phil & Rick. Content Terms and Concepts Access Control What is AAA? Benefits of AAA What is RADIUS? Microsoft IAS Overview Installation.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Overview What is SQL Server? Creating databases Administration Security Backup.
1 Chapter Overview Monitoring Server Performance Monitoring Shared Resources Microsoft Windows 2000 Auditing.
Configuring CIFS Upon completion of this module, you should be able to: Configure the Data Mover for a Windows environment Create and Join a CIFS Server.
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.
Module 10 Configuring and Managing Storage Technologies.
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # ) Chapter Two Deploying Windows Servers.

Module 13: Configuring Availability of Network Resources and Content.
September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Using Windows Firewall and Windows Defender
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.
Creating a Web Site to Gather Data and Conduct Research.
Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.
Module 7: Fundamentals of Administering Windows Server 2008.
Network Management Tool Amy Auburger. 2 Product Overview Made by Ipswitch Affordable alternative to expensive & complicated Network Management Systems.
20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,
TxEIS Security A role-based solution October 2010.
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # ) Chapter Four Windows Server 2008 Remote Desktop Services,
Guide to Linux Installation and Administration, 2e1 Chapter 10 Managing System Resources.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
1 Chapter Overview Performing Configuration Tasks Setting Up Additional Features Performing Maintenance Tasks.
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # ) Chapter Five Windows Server 2008 Remote Desktop Services,
Overview Managing a DHCP Database Monitoring DHCP
1 Week #10Business Continuity Backing Up Data Configuring Shadow Copies Providing Server and Service Availability.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 11: Monitoring Server Performance.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Copyright © 2014 EMC Corporation. All Rights Reserved. Managing Host Access to Storage Upon completion of this module, you should be able to: Explain Access.
CHAPTER Creating and Managing Users and Groups. Chapter Objectives Explain the use of Local Users and Groups Tool in the Systems Tools Option to create.
Agilent Technologies Copyright 1999 H7211A+221 v Capture Filters, Logging, and Subnets: Module Objectives Create capture filters that control whether.
Troubleshooting Security Issues Lesson 6. Skills Matrix Technology SkillObjective Domain SkillDomain # Monitoring and Troubleshooting with Event Viewer.
1 Chapter Overview Defining Operators Creating Jobs Configuring Alerts Creating a Database Maintenance Plan Creating Multiserver Jobs.
3 Copyright © 2004, Oracle. All rights reserved. Working in the Forms Developer Environment.
Module 8: Managing Software Distribution. Collections Packages Programs Advertisements Collections Packages Programs Advertisements How Software.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
System Center Lesson 4: Overview of System Center 2012 Components System Center 2012 Private Cloud Components VMM Overview App Controller Overview.
Managing File Resource Using File Server Resource Manager Chapter 9 Advance Computer Network Lecture Sorn Pisey
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Three Managing Recipients.
Module 6: Administering Reporting Services. Overview Server Administration Performance and Reliability Monitoring Database Administration Security Administration.
Module 14: Advanced Topics and Troubleshooting. Microsoft ® Windows ® Small Business Server (SBS) 2008 Management Console (Advanced Mode) Managing Windows.
19 Copyright © 2008, Oracle. All rights reserved. Security.
SQL Database Management
Guide to Operating Systems, 5th Edition
Module Overview Installing and Configuring a Network Policy Server
Active Directory Administration
Presentation transcript:

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management Upon completion of this module, you should be able to: List Unisphere security features Describe Unisphere authentication using LDAP Audit Control Station events Explain VNX system notification methods and event monitoring Implement Unisphere Security Unisphere Security and Basic Management1

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management This lesson covers the following topics: VNX administration Unisphere interface navigation Command Line Interface (CLI) for File and Block access Lesson 1: Unisphere and CLI interfaces Unisphere Security and Basic Management2

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX Administration Unisphere Security and Basic Management3 Administration performed via GUI or CLI connection to VNX  Unisphere GUI  CLI to Control Station (for File) or Host Secure CLI (for Block)

Copyright © 2014 EMC Corporation. All Rights Reserved. EMC Unisphere Unisphere Security and Basic Management 4 Enter the IP address of the VNX Control Station or Storage Processor Browser session Unisphere VNX Client

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Interface Terms and Components (1 of 8) Unisphere Security and Basic Management Top Navigation Bar 2.Task Pane 3.Main Pane 1.Top Navigation Bar 2.Task Pane 3.Main Pane Expand Main Pane Expand Task Pane

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Interface Terms and Components (2 of 8) Unisphere Security and Basic Management Toolbar Search Option 2.General Options 1.Toolbar Search Option 2.General Options 2 2 Logged User Navigation “breadcrumb” Hide Task Menu Hide Task Menu Expand Task Menu

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Interface Terms and Components (3 of 8)  TTTTTTTTTTTTTTTTTTTTTT Unisphere Security and Basic Management7 Mouse over an option of the Top Navigation Bar opens a submenu Right-click of mouse over a query selection opens menu with actions for selected object

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Interface Terms and Components (4 of 8) Unisphere Security and Basic Management8 Page Help Export to CSV file Refresh the Page Tools

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Interface Terms and Components (5 of 8) Unisphere Security and Basic Management9

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Interface Terms and Components (6 of 8) Mouse cursor over field name  Wait for pop-up description  Quick answers for simple usability questions Example:  User is creating a NFS Export for a File System (discussed later on this course)  The Create NFS export dialog box opens with data form  Mouse cursor was placed over “Read-only Hosts:”  Operator waited two seconds Unisphere Security and Basic Management10

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Interface Terms and Components (7 of 8) Wizards  Generates pop-up window  Simplified step walk through  Designed for novice users  Further modification and management done using Navigation and Task pages Unisphere Security and Basic Management 11

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX for File Command Line Interface (CLI) Used for the completion of most administrative tasks Primary function: scripting of repetitive tasks CLI can be accessed in the Control Station (CS)  Local access available directly at the Control Station console  Remote access available via an SSH interface tool like PuTTy Approximately 80 Linux-like commands.  CS runs an EMC-customized Linux Data Movers (DM) do not have CLI  Commands are entered from CS  CS route the commands to  Data Movers  Storage Systems Unisphere Security and Basic Management12

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX for File CLI Commands cel_ commands  Execute to remotely-linked VNX for File systems cs_ commands  Execute to the local Control Station fs_ commands  Execute to the specified file system nas_ commands  Execute to the Control Station database server_ commands  Execute directly to a Data Mover Unisphere Security and Basic Management13

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Integration with VNX for File CLI Integration with Command Line Interface (CLI)  VNX for File CLI commands can be executed via GUI interface  Only one command at a time Unisphere Security and Basic Management 14

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX for Block Command Line Interface (CLI) Secure CLI is a comprehensive VNX CLI for Block solution  Client application installed on supported Windows, Linux /Unix hosts  Commands consist of naviseccli command and options  Commands: Storage connectivity/provisioning, and management, LUN compression/expansion/migration, storage domain/host agents Unisphere Security and Basic Management15

Copyright © 2014 EMC Corporation. All Rights Reserved. SP Setup Page Unisphere Security and Basic Management16

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management During this lesson the following topics were covered: VNX administration Unisphere interface navigation Command Line Interface (CLI) for File and Block access Lesson 1: Summary Unisphere Security and Basic Management17

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management This lesson covers the following topics: VNX Administrative user authentication Unisphere Security Features Unisphere authentication scopes Unisphere user roles for system administration Lesson 2: Unisphere Security Features Unisphere Security and Basic Management18

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX Management Access Security Different management applications with access to VNX system Access limited to authorized users and applications  Authentication  Identify user making a request  Authorization  Determine if user has the right to exercise the request  Privacy  Avoid unauthorized disclosure of information to user  Trust  Verify the identity of the communication parties  Audit  Record of activities performed by authenticated user Unisphere Security and Basic Management19

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX Administration Security VNX access via GUI or CLI interfaces require user authentication Administrative options for  Unique administrative user accounts  Role based administration  Secure authentication and management  SSL/TLS &SSH Unisphere Security and Basic Management20 Login

Copyright © 2014 EMC Corporation. All Rights Reserved. Administrative Authentication Scope Authentication Scopes  Global  Local  LDAP Unisphere Security and Basic Management21 Login LDAP LDAP User LDAP Server Local Local User Storage Domain Global User Global

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX Default Management Accounts VNX for File and Unified systems default management accounts VNX for Block systems do not have default factory installed management accounts  A global account can be created during initialization or first login Unisphere Security and Basic Management22 AccountDescription root VNX for File local account which provides administrator level privileges on the CS nasadmin VNX for File local account which provides administrator level privileges on the CS sysadmin Global system account which provides administrator level privileges for both VNX for File and VNX for Block

Copyright © 2014 EMC Corporation. All Rights Reserved. Areas of Administrative responsibility Privileges to VNX object  Read/Modify/Full Control Associated to User’s Primary group System-defined roles  Cannot be modified/deleted User-defined role  Custom configured Roles apply to GUI & CLI Administrative Roles Unisphere Security and Basic Management23

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere SSL/TLS Certificates Certificates secure VNX network links for:  Management  LDAP bindings  Establishing a trusted identity  PKI encoding and decoding Default self-signed certificates  SPA, SPB & Control Station  2048 bit RSA keys Generate Data Mover self-signed certificates Configure CA-signed certificates  SPA, SPB & Data Movers Unisphere Security and Basic Management 24 LDAP FileMover SSL/TLS Management VMware ESXi Client Software

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX Log Auditing Audit Logging on a VNX for Block system  Check for suspicious activity logged on the VNX SPs  Provides information on the affected SPs and the associated hosts Auditing on a VNX for File system  Capture management activities initiated from the Control Station  Verify access to key system files and end-user data Integration with RSA enVision  Application provides collection, analysis and reporting of administrative events logged by the VNX storage systems Unisphere Security and Basic Management25

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management During this lesson the following topics were covered: VNX Administrative user authentication Unisphere authentication scopes Unisphere Security features Unisphere user roles for system administration Lesson 2: Summary Unisphere Security and Basic Management26

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Monitoring This lesson covers the following topics: VNX integration with LDAP for management Binding the Control Station and SPs to LDAP Configuring group mappings Assigning administrative roles to LDAP users Lesson 3: Unisphere Authentication using LDAP Unisphere Security and Basic Management27

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring LDAP Authentication Overview Configure LDAP binding to LDAP server Map a VNX Administrative Role to an LDAP Group VNX creates Local group and maps it to LDAP Group Unisphere Security and Basic Management28 LDAP Binding 1 1 LDAP-based Domains Microsoft AD iPlanet OpenLDAP Role to Group mapping 2 2 Group mapping 3 3

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring LDAP Binding: Part 1 Settings > Security  From System Tasks pane Manage LDAP Domain Server tab  IP address & port number  Server Type and Protocol  Domain Name  BindDN and Password  User and Group search Paths Unisphere Security and Basic Management29

Copyright © 2014 EMC Corporation. All Rights Reserved. Role Mapping tab  For LDAP Group object  Domain group or user name  Role for user or group Advanced tab  Customize various LDAP attributes Configuring LDAP Binding: Part 2 Unisphere Security and Basic Management30

Copyright © 2014 EMC Corporation. All Rights Reserved. Automatic LDAP Group Mapping New local group automatically created on VNX Automatic mapping between new local group and LDAP domain group  Members of LDAP group granted administrative rights for role Unisphere Security and Basic Management31

Copyright © 2014 EMC Corporation. All Rights Reserved. LDAP User Login GUI Login  LDAP Credentials  Username/Password  Select Use LDAP option CLI Login to Control Station  LDAP credentials  Username Unisphere Security and Basic Management32 login as: password:******* ~]$ login as: password:******* ~]$

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management During this lesson the following topics were covered: Integration of VNX with LDAP domains and users How to bind the Control Station and SPs to LDAP Configuration of Group mappings Assignment of Administrative Roles to LDAP users Lesson 3: Summary Unisphere Security and Basic Management33

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management This lesson covers the following topics: Auditing the administrative access to the Control Station Auditing events Control Station audit commands, creation of logs and reports Lesson 4: Control Station Auditing Unisphere Security and Basic Management34

Copyright © 2014 EMC Corporation. All Rights Reserved. Auditing on the VNX Control Station The purpose of auditing is to record the security-relevant events that happen on a system  Provides information about who initiated the event and the event’s affect on the system (e.g., success or failure) Auditing is driven by several factors including compliance concerns and basic system management Auditing is enabled by default Unisphere Security and Basic Management35

Copyright © 2014 EMC Corporation. All Rights Reserved. Default Audit Events Defined in /etc/audit/audit.rules  Root file system access by Administrators  A list of sensitive system files  Changes to the audit infrastructure  Users authenticating to the system Unisphere Security and Basic Management36

Copyright © 2014 EMC Corporation. All Rights Reserved. Record Types Several main record types associated to audit events  The main record types are listed on the table below Unisphere Security and Basic Management37

Copyright © 2014 EMC Corporation. All Rights Reserved. Audit Commands Native Linux commands  No VNX specific commands  Man pages  Requires root permissions /sbin/auditctl  Controls the kernel’s audit subsystem /sbin/ausearch  For reading the audit trail /sbin/aureport  Produces summary reports of audit logs /sbin/service auditd  Controls the audit subsystem  Options: start, stop, status, restart, reload, rotate, condrestart Unisphere Security and Basic Management38

Copyright © 2014 EMC Corporation. All Rights Reserved. Audit Control #./auditctl -h usage: auditctl [options] -a Append rule to end of ist with ction -A Add rule at beginning of ist with ction -b Set max number of outstanding audit buffers allowed Default=64 -d Delete rule from ist with ction l=task,entry,exit,user,watch,exclude a=never,possible,always -D Delete all rules and watches -e [0..2] Set enabled flag -f [0..2] Set failure flag 0=silent 1=printk 2=panic -F f=v Build rule: field name, operator(=,!=,,<=, >=,^,&) value -h Help #./auditctl -h usage: auditctl [options] -a <l,a>Append rule to end of <l>ist with <a>ction -A <l,a>Add rule at beginning of <l>ist with <a>ction -b <backlog>Set max number of outstanding audit buffers allowed Default=64 -d <l,a>Delete rule from <l>ist with <a>ction l=task,entry,exit,user,watch,exclude a=never,possible,always -DDelete all rules and watches -e [0..2]Set enabled flag -f [0..2]Set failure flag 0=silent 1=printk 2=panic -F f=vBuild rule: field name, operator(=,!=,<,>,<=, >=,^,&) value -hHelp Unisphere Security and Basic Management39 Configure Audit behavior - /sbin/auditctl  Example shows abbreviated output of this command help

Copyright © 2014 EMC Corporation. All Rights Reserved. Viewing Audit Log Reading the audit trail - /sbin/ausearch  Example shows file system paths accessed  Output below is abbreviated. Unisphere Security and Basic Management40 # /sbin/ausearch -i -m PATH |grep cwd type=CWD msg=audit(04/28/ :05:08.909:8442) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.911:8443) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.914:8444) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.916:8445) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.917:8446) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.974:8447) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.975:8448) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :10:01.119:8472) : cwd=/home/nasadmin type=CWD msg=audit(04/28/ :10:01.120:8473) : cwd=/home/nasadmin type=CWD msg=audit(04/28/ :10:01.132:8475) : cwd=/home/nasadmin type=CWD msg=audit(04/28/ :10:01.133:8476) : cwd=/home/nasadmin type=CWD msg=audit(04/28/ :10:01.137:8477) : cwd=/home/nasadmin # /sbin/ausearch -i -m PATH |grep cwd type=CWD msg=audit(04/28/ :05:08.909:8442) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.911:8443) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.914:8444) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.916:8445) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.917:8446) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.974:8447) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :05:08.975:8448) : cwd=/nbsnas/server type=CWD msg=audit(04/28/ :10:01.119:8472) : cwd=/home/nasadmin type=CWD msg=audit(04/28/ :10:01.120:8473) : cwd=/home/nasadmin type=CWD msg=audit(04/28/ :10:01.132:8475) : cwd=/home/nasadmin type=CWD msg=audit(04/28/ :10:01.133:8476) : cwd=/home/nasadmin type=CWD msg=audit(04/28/ :10:01.137:8477) : cwd=/home/nasadmin

Copyright © 2014 EMC Corporation. All Rights Reserved. Creating Audit Reports Generating Audit Summary Reports - /sbin/aureport  Example shows Authentication Report Unisphere Security and Basic Management41 #./sbin/aureport –auth Authentication Report ============================================ # date time acct host term exe success event ============================================ 1. 04/28/ :30:04 acct="sysadmin ? ? /nas/sbin/change_passwd no /28/ :30:06 acct="root ? ? /nas/sbin/change_passwd no /28/ :30:08 acct="itechi ? ? /nas/sbin/change_passwd no /28/ :34:52 acct="nasadmin ssh /usr/sbin/sshd yes /28/ :35:09 acct="root ? pts/0 /bin/su yes 256 #./sbin/aureport –auth Authentication Report ============================================ # date time acct host term exe success event ============================================ 1. 04/28/ :30:04 acct="sysadmin ? ? /nas/sbin/change_passwd no /28/ :30:06 acct="root ? ? /nas/sbin/change_passwd no /28/ :30:08 acct="itechi ? ? /nas/sbin/change_passwd no /28/ :34:52 acct="nasadmin ssh /usr/sbin/sshd yes /28/ :35:09 acct="root ? pts/0 /bin/su yes 256

Copyright © 2014 EMC Corporation. All Rights Reserved. Audit Backups Audit logs are located in /celerra/audit Backup of auditing configuration files and current audit log file  To backend: /nas/var/auditing/  Each Control Station synched every 180 seconds  /nas/var/auditing/cs0/  /nas/var/auditing/cs1/  If Control Station in slot 0 is replaced, recovery code will restore the audit configuration files  Slot 1 auditing configuration is restored manually Unisphere Security and Basic Management42 # ls /nas/var/auditing/ cs0 lost+found # ls /nas/var/auditing/cs0 auditd.conf audit.log audit.rules # ls /nas/var/auditing/ cs0 lost+found # ls /nas/var/auditing/cs0 auditd.conf audit.log audit.rules

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management During this lesson the following topics were covered: Auditing the administrative access to the Control Station Events that can be configured for auditing Control Station audit commands used for the creation of logs and reports Lesson 4: Summary Unisphere Security and Basic Management43

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management This lesson covers the following topics: Unisphere monitoring features Event logs for VNX system activities Event monitor operations Event monitor notifications Lesson 5: Notification Methods and Event Monitoring Unisphere Security and Basic Management44

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere System Monitoring System > Monitoring and Alerts > Unisphere Security and Basic Management45

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Monitoring: Alerts System > Monitoring and Alerts > Alerts Unisphere Security and Basic Management46

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Monitoring: Background Tasks for File System > Monitoring and Alerts > Background Tasks for File Unisphere Security and Basic Management47

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Monitoring: Event Logs for File VNX for File related events  Messages from Data Mover or Control Station  Selected time interval and severity level  Right-click the mouse over selection and select details Unisphere Security and Basic Management48

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Monitoring: SP Event Logs Unisphere Security and Basic Management49 VNX for Block related events  Events logged on the Storage Processor

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Monitoring: Notifications for File System Event Notification: Facility, Severity, Action, Destination System Resource Utilization: Storage usage, Storage Protection, DM load Unisphere Security and Basic Management50

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Monitoring: Notifications for Block Creation and Centralized or Distributed Monitors Creation and Configuration of Notification templates  Event Severity: Information, Warning, Error, Critical  Event Category: Basic Array, MirrorView, SnapView, SAN Copy, NQM, Alerts, Virtual Provisioning, VNX Snapshots  Actions: Logs, Combine events, add response, notification, paging service, SNMP trap Unisphere Security and Basic Management51

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Monitoring: Statistics for File Graphics with info about usage and performance  File System  Storage  Network device Change of parameters for visualization and Flexible navigation Unisphere Security and Basic Management52

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Monitoring: Statistics for Block Unisphere Security and Basic Management53 Unisphere Analyzer

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management During this lesson the following topics were covered: Unisphere monitoring features Event logs for VNX system activities Event monitor operations Event monitor notifications Lesson 5: Summary Unisphere Security and Basic Management54

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management This lesson covers the following topics: Configuring storage domain management of VNX systems Configuration of administrative users and assignment of administrative roles Creating notifications Setting notifications for various severity levels Lesson 6: Implementing Unisphere Security Unisphere Security and Basic Management55

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Storage Domains All Systems > Domains  Each VNX is its own storage domain  Domain members: SPA, SPB, Control Station  System managed by Unisphere session to any member  Global user account  “sysadmin”: Administrative role Unisphere Security and Basic Management56 Storage Domain SPASPB CS

Copyright © 2014 EMC Corporation. All Rights Reserved. Multi-Domain Management All Systems > Domains Unisphere Security and Basic Management57

Copyright © 2014 EMC Corporation. All Rights Reserved. Adding a VNX System to Domain All Systems > System List > Add Unisphere Security and Basic Management58 SP IP Address

Copyright © 2014 EMC Corporation. All Rights Reserved. Creating New Administrative Users Settings > Security > User Management  Requires Administrator or Security Administrator role  Global users  Local users  For File  For Block Unisphere Security and Basic Management59

Copyright © 2014 EMC Corporation. All Rights Reserved. Assigning Administrative Roles Settings > Security > User Management > User Customization for File > Users > Properties  Primary Group  Group Role Membership  Client Access Unisphere Security and Basic Management60

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX Notifications: User Setup account Unisphere Security and Basic Management61

Copyright © 2014 EMC Corporation. All Rights Reserved. VNX Notifications: Create Notifications for File Create event to monitor Select recipient of notification Unisphere Security and Basic Management62

Copyright © 2014 EMC Corporation. All Rights Reserved. Event Monitoring Configuration Unisphere Security and Basic Management63 1.Event Monitor Type DistributedDistributed CentralizedCentralized 2.Selection of hosts to monitor 3.Events by Category Basic ArrayBasic Array MirrorViewMirrorView SnapViewSnapView SAN CopySAN Copy AlertsAlerts VNX SnapshotsVNX Snapshots 4.Severity CriticalCritical ErrorError WarningsWarnings InformationalInformational 5.Response Send Send Send SNMP trapSend SNMP trap 1.Event Monitor Type DistributedDistributed CentralizedCentralized 2.Selection of hosts to monitor 3.Events by Category Basic ArrayBasic Array MirrorViewMirrorView SnapViewSnapView SAN CopySAN Copy AlertsAlerts VNX SnapshotsVNX Snapshots 4.Severity CriticalCritical ErrorError WarningsWarnings InformationalInformational 5.Response Send Send Send SNMP trapSend SNMP trap

Copyright © 2014 EMC Corporation. All Rights Reserved. Unisphere Security and Basic Management During this lesson the following topics were covered: Configuring and management of storage domain Configuration of administrative users and assignment of administrative roles Setting notifications Setting notifications for File for various severity levels Lesson 6: Summary Unisphere Security and Basic Management64

Copyright © 2014 EMC Corporation. All Rights Reserved. Summary Key points covered in this module: VNX provides multiple interface options, including VNX Unisphere and CLI Unisphere supports Global, Local, and LDAP authentication Options, as well as built-in management accounts. Default and custom administrative roles help to control management access. Control Station auditing can be used to manage desired events. Unisphere monitoring and notification can also be used to manage and report on events. Unisphere Security and Basic Management65

Copyright © 2014 EMC Corporation. All Rights Reserved. This slide is intentionally left blank. Unisphere Security and Basic Management66

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.