External authorization requirements using authorization server

System Administrator Guide for VSP E990 and VSP G130, G/F350, G/F370, G/F700, G/F900

Version: 88-08-0x
Part Number: MK-97HM85028-11
The authorization server must satisfy the following requirements to work together with the authentication server:
Note: Use an operating system that continues to be supported by a vendor. Operations performed using firmware for which vendor support has expired cannot be guaranteed.
Prerequisite OS
  • Windows Server 2008 (see notes 1 and 2)
  • Windows Server 2008 R2 (see notes 1 and 2)
  • Windows Server 2012 R2
Note:
  1. Microsoft support for this operating system has expired. Use an operating system for which Microsoft continues to provide support.
  2. VSP E series does not support this operating system.
Prerequisite software
  • Active Directory
Authentication protocol for the user used for searching
  • LDAP v3 simple bind (the bind DN is used for authentication)
Root certificate file format for Device Manager - Storage Navigator
  • X509 DER format
  • X509 PEM format
Requirements for root certificate to be set on Storage Navigator
The extended profile fields in the X.509 certificate support the following items as specified in RFC 5280:
  • BasicConstraints
  • KeyUsage
  • SubjectKeyIdentifier
Requirements for certificate to be set on the connected server
The extended profile fields in the X.509 certificate support the following items as specified in RFC 5280:
  • BasicConstraints
  • KeyUsage
  • SubjectKeyIdentifier

The public key of the server certificate must be RSA.

If no DNS server is used, the IP address of the authorization server must be specified as the common name of the certificate.

Note:
  • Acquire the root certificate for the authentication server from the authentication server administrator.
  • The certificate has an expiration date. If the certificate expires, you will not be able to connect to the authentication server. Make sure to set the expiration date carefully when preparing the certificate.
  • For more information about certificate management, consult the authentication server administrator and manage the certificate appropriately.
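
The following script is an added example, not part of the guide: it checks a certificate file against the requirements above (PEM or DER format, RSA public key, expiration date, IP address as common name) using the openssl command line. The function name check_cert, the 30-day warning threshold, and the choice to report extensions as informational rather than as failures are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): check_cert FILE [SERVER_IP] [WARN_DAYS]
# WARN_DAYS defaults to 30, an assumed threshold. Requires the openssl CLI.
_x509() { openssl x509 -in "$cert" -inform "$form" -noout "$@"; }

check_cert() {
    cert=$1; ip=${2:-}; days=${3:-30}; rc=0
    # The guide accepts X.509 in PEM or DER format; detect which one this is.
    if openssl x509 -in "$cert" -inform PEM -noout 2>/dev/null; then form=PEM
    elif openssl x509 -in "$cert" -inform DER -noout 2>/dev/null; then form=DER
    else echo "FAIL: not an X.509 certificate in PEM or DER format"; return 2
    fi
    text=$(_x509 -text)

    # The public key of the server certificate must be RSA.
    if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'
    then echo "OK:   RSA public key"
    else echo "FAIL: public key is not RSA"; rc=1
    fi

    # An expired certificate prevents connection to the server.
    end=$(_x509 -enddate)
    if ! _x509 -checkend 0 >/dev/null; then echo "FAIL: expired ($end)"; rc=1
    elif ! _x509 -checkend "$((days * 86400))" >/dev/null
    then echo "WARN: expires within $days days ($end)"
    else echo "OK:   $end"
    fi

    # Without DNS, the common name must be the server's IP address.
    if [ -n "$ip" ]; then
        cn=$(_x509 -subject -nameopt multiline | sed -n 's/^ *commonName *= *//p')
        if [ "$cn" = "$ip" ]; then echo "OK:   CN is $ip"
        else echo "FAIL: CN '$cn' is not $ip"; rc=1
        fi
    fi

    # Report each X509v3 extension against the three the guide lists.
    printf '%s\n' "$text" |
    sed -n '/X509v3 extensions/!s/^ *X509v3 \([^:]*\):.*/\1/p' |
    while read -r ext; do
        case $ext in
            'Basic Constraints'|'Key Usage'|'Subject Key Identifier')
                echo "INFO: $ext (listed in the guide)" ;;
            *)  echo "NOTE: $ext (not in the guide's list)" ;;
        esac
    done
    return "$rc"
}
if [ $# -gt 0 ]; then check_cert "$@"; fi
```

Run it as `sh check_cert.sh server.pem 192.0.2.10` (file name and address are placeholders); it exits 0 when all hard requirements pass, 1 when one fails, and 2 when the file is not a PEM or DER certificate.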
Note: When using an LDAP server or a Kerberos server as an authentication server, and combining it with an authorization server, use the same host for the authentication and authorization servers.

When a RADIUS server is used as an authentication server, two authentication servers (one primary and one secondary) can be specified, but only one authorization server can be specified.