Deployment Guide

Metro node customers can choose to configure their user accounts using either:

● An external OpenLDAP or Active Directory server which integrates with UNIX using Service for UNIX 3.5, Identity

Management for UNIX, or other authentication service.

OpenLDAP and Active Directory users are authenticated by the server. Usernames and passwords that are created on an

external server are fetched from the remote system to the metro node system each time they are used.

● The metro node management server

Usernames and passwords are created locally on metro node system, and are stored on metro node.

• LDAP/AD user authentication

To improve security, shell access is limited to the admin and service users only.

See the CLI Reference Guide for metro node for more information about the User add command with the -r option.

Users who are defined as either admin and service will be taken to the shell command line once logged-in to the metro node

management server. Users not having shell access are redirected to the Vplexcli.

All users using LDAP credentials are defined as vplexuser by default.

Individual login credentials can be set for LDAP users as every user account has a different username and password. However,

all LDAP users are given identical privileges (same role and same shell access value). The Administrator can either grant or

revoke shell access to any customizable role, such as vplexuser.

explicitly granted by the Administrator.

Metro node allows file transfer to/from the metro node management server using SCP. SCP permissions are granted with shell

access.

Users with no shell access can perform SCP on files only (not on directories) from or to a single directory. An additional CLI

context represents this SCP directory.