This post is more than 5 years old
1 Rookie
•
10 Posts
0
1083
VASA - Solutions Enabler security needs
Hi,
The customer i'm working with has set up the user authentification on their VMAX environnement with the symcli command "symauth". I wonder if VASA will use SE in order to collect and pass information to VMware.
If it is the case, i would need to know what kind of rights to give to SMI-S for (VASA) in order for it to work correctly even if user authentification is in place.
If anyone know, it would be greatly appreciated,
Thank you,
Christian
WorldPolice
123 Posts
0
March 18th, 2014 08:00
You provide the vmadmin role and it is done through ECOM. Please see this documentation for steps:
http://www.emc.com/collateral/software/white-papers/h10630-vmware-vasa-symmetrix-wp.pdf
M_Salem
213 Posts
0
March 18th, 2014 12:00
It should work fine with the current symauth configuration.
To further confirm, I enabled symauth in my lab then created a new user on the Windows machine where SMI-S/ECOM is installed. added it to symauth with role Monitor. I made this user has rights to start/stop the ECOM service.
I restarted the ECOM service with the new user and everything worked fine with no issues even after deleting the user from symauth.
I checked also ECOM documents and there was nothing mentioned there about symauth just symacl.
Tandok
34 Posts
2
March 18th, 2014 12:00
SMI-S provider makes direct symapi calls, so symauth doesn't affect its functionality, only symacl does.
As Drew pointed out, you just need an ECOM user with vmadmin role for communication to VASA
sauravrohilla
859 Posts
0
March 18th, 2014 19:00
agree with Karan, you just need to add the user in ECOM.
carriech82
1 Rookie
1 Rookie
•
10 Posts
0
March 19th, 2014 11:00
Hi everyone,
Thank you much for all your answers. Thank for pointing out that there is stuff to look at when working with symacl. Customer wishes to limit AIX servers that will be using SNAPs.
So i'll keep in mind to configure "symacl" on the server having the SMI-S provider.
Thank you,
Christian