Manualshelf

HP StorageWorks P9000 Performance Advisor Software v5.2 Install Guide (T1789-96317, May 2011)

ManualsBrandsHP ManualsSoftwareHP StorageWorks Performance Advisor XP Media Kit
21222324252627282930
LDAP Authentication
The LDAP Authentication is required if you want to implement the Lightweight Directory Access Protocol
(LDAP) for centralized authentication, where the LDAP server authenticates and authorizes P9000
Performance Advisor users. The following LDAP server implementations and authentication mechanism
are supported by P9000 Performance Advisor from v4.5 onwards:
OpenLDAP
Microsoft Active Directory
Supported LDAP server implementations
SIMPLE (clear-text password) mechanismSupported LDAP authentication mechanism
To implement the LDAP Authentication, complete the following prerequisites:
Install LDAP v3 (RFC 4510) on a server with an established P9000 Performance Advisor connection.
Create the StorageAdmins and StorageUsers groups on the LDAP server, and add members
to these groups.
For the SIMPLE (clear-text password) mechanism and a secure connection, enable SSL on both the
LDAP server and P9000 Performance Advisor management station.
IMPORTANT:
Note the LDAP Distinguished Names (DN)s for the StorageAdmins and StorageUsers
groups. An LDAP group used with P9000 Performance Advisor must have the DNs of the group
members available in an attribute of the group.
Note the UserBaseDN and GroupBaseDN required for P9000 Performance Advisor to allow
authentication and authorization of users.
UserBaseDN is the location in the LDAP tree that contains all the user entries. P9000 Perform-
ance Advisor uses UserBaseDN to search user entries in the LDAP directory when authentic-
ating users.
GroupBaseDN is the location in the LDAP tree that contains all the group entries. P9000
Performance Advisor uses GroupBaseDN to search group entries in the LDAP directory when
authorizing users.
RADIUS Authentication
RADIUS Authentication is required if you want to implement RADIUS protocol for centralized
authentication, where the RADIUS server authenticates and authorizes P9000 Performance Advisor
users. The following RADIUS server implementation and authentication mechanisms are supported by
P9000 Performance Advisor from v4.5 onwards:
Microsoft Active Directory with Internet Authentication Service (IAS)
for Windows platform
RADIUS server implementation
PAP: Password Authentication Protocol
CHAP: Challenge Handshake Authentication Protocol
RADIUS authentication mechanisms
To implement RADIUS Authentication, your system administrator must add a RADIUS Vendor-Specific
Attribute (VSA) to the user profile on the RADIUS server. The VSA is required for authorizing P9000
Performance Advisor and it must have an attribute type of 1, and a vendor ID of 11 that is assigned
Understanding the P9000 Performance Advisor installation prerequisites28