2 Bronze

VASA - Solutions Enabler security needs

Jump to solution

Hi,

The customer i'm working with has set up the user authentification on their VMAX environnement with the symcli command "symauth".  I wonder if VASA will use SE in order to collect and pass information to VMware.

If it is the case, i would need to know what kind of rights to give to SMI-S for (VASA) in order for it to work correctly even if user authentification is in place.

If anyone know, it would be greatly appreciated,

Thank you,

Christian

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
3 Argentum

Re: VASA - Solutions Enabler security needs

Jump to solution

You provide the vmadmin role and it is done through ECOM.  Please see this documentation for steps:

http://www.emc.com/collateral/software/white-papers/h10630-vmware-vasa-symmetrix-wp.pdf

View solution in original post

0 Kudos
5 Replies
3 Argentum

Re: VASA - Solutions Enabler security needs

Jump to solution

You provide the vmadmin role and it is done through ECOM.  Please see this documentation for steps:

http://www.emc.com/collateral/software/white-papers/h10630-vmware-vasa-symmetrix-wp.pdf

View solution in original post

0 Kudos
3 Argentum

Re: VASA - Solutions Enabler security needs

Jump to solution

It should work fine with the current symauth configuration.

To further confirm, I enabled symauth in my lab then created a new user on the Windows machine where SMI-S/ECOM is installed. added it to symauth with role Monitor. I made this user has rights to start/stop the ECOM service.

I restarted the ECOM service with the new user and everything worked fine with no issues even after deleting the user from symauth.

I checked also ECOM documents and there was nothing mentioned there about symauth just symacl.

0 Kudos
2 Iron

Re: VASA - Solutions Enabler security needs

Jump to solution

SMI-S provider makes direct symapi calls, so symauth doesn't affect its functionality, only symacl does.

As Drew pointed out, you just need an ECOM user with vmadmin role for communication to VASA

4 Tellurium

Re: VASA - Solutions Enabler security needs

Jump to solution

agree with Karan, you just need to add the user in ECOM.

Capture.JPG.jpg

0 Kudos
2 Bronze

Re: VASA - Solutions Enabler security needs

Jump to solution

Hi everyone,

Thank you much for all your answers.  Thank for pointing out that there is stuff to look at when working with symacl.  Customer wishes to limit AIX servers that will be using SNAPs.

So i'll keep in mind to configure "symacl" on the server having the SMI-S provider.

Thank you,

Christian

0 Kudos