Managing authentication and authorization servers

System Administrator Guide for VSP 5000 Series

Version
90-09-2x
Audience
anonymous
Part Number
MK-98RD9009-16

An authentication server enables users to log in to Device Manager - Storage Navigator with the same password as the password that they use for other applications. The authentication server must be configured for each user.

The following figure shows the login workflow without an authentication server:

The following figure shows the login workflow with an authentication server:

If an authorization server works together with an authentication server, the user groups that are registered in the authorization server can be assigned to a user for Device Manager - Storage Navigator.

The following figure shows the login workflow when an authentication server and an authorization server are used in combination:

You can use the authentication server without knowing the host names and port numbers, if you register the information of the authentication server as a service record (SRV) on the DNS server. If you register multiple numbers of authentication servers to the SRV record, you can determine the authentication server to be used, based on the priority that has been set in advance.

CAUTION:
  • If the affiliated user group registered in the external authentication server and the user group registered locally in the storage system are different, the user group in the storage system has higher priority.
  • You cannot create a load balancer between the SVP and the external authentication server.