Setting up authentication and authorization with Device Manager - Storage Navigator

System Administrator Guide for VSP E990 and VSP G130, G/F350, G/F370, G/F700, G/F900

Version
88-08-0x
Audience
anonymous
Part Number
MK-97HM85028-11
The following figures show the Device Manager - Storage Navigator login workflow without and with an authentication server. The authentication server must be configured for each user.
Note: If you use the SVP, enable authentication by the SVP and disable external authentication by the maintenance utility. For instructions, see Disabling external authentication by the maintenance utility.
Figure. Logging in without an authentication server

Figure. Logging in with an authentication server

The following figure shows the login workflow when an authentication server and an authorization server are used in combination. In this case, the user groups that are registered in the authorization server can be assigned to Device Manager - Storage Navigator users.

Figure. Logging in with an authentication server and an authorization server


If you register the information of the authentication server as an SRV record in the DNS server, you can use the authentication server without knowing the host names and port numbers. If you register multiple numbers of authentication servers to the SRV record, you can determine the authentication server to be used based on the priority that has been set in advance.

CAUTION:
  • If the affiliated user group registered in the external authentication server and the user group registered locally in the storage system are different, the user group in the storage system has higher priority.
  • You cannot create a load balancer between the SVP and the external authentication server.
  • If you use external authentication of the SVP, you need to disable external authentication of the maintenance utility.