HP StorageWorks P9000 Command View Advanced Edition Software Common Component Security Guide

Creating a system
- Select an external authentication server that can specify security parameters for passwords, as
  described in subsection 1-3-5, in order to ensure that the reliability of passwords is equivalent
  to those that are used by internal authentication.
- Select an external authentication server that can use the account locking function. The account
  locking function is also used by internal authentication and ensures that the system is
  protected against brute force attacks.

4-7-2-2 Installing an external authentication server
When installing an external authentication server, make sure that the following requirements are
satisfied to protect the external authentication server against communication threats between the
external authentication server and the management server:

- Install an external authentication server in a data center, as defined in subsection 1-3-2.
- If an external authentication server and management server are not installed in the same data
  center, the communication paths between them must be protected. Use the third method listed
  in subsection 1-3-4 to protect the communication paths between the external authentication
  server and management server.

Note that Common Component supports the use of StartTLS for LDAP directory servers in order to
protect communication paths.

4-7-2-3 Running an external authentication server
When running an external authentication server, make sure that the following requirements are
satisfied in order to protect the external authentication server against threats:

- As the administrator of the external authentication server, select a person who is trustworthy
  and will not commit any malicious acts (see subsection 1-3-1 for more information). The
  administrator of the external authentication server must be able to cooperate with the Common
  Component system architect and account administrator in order to operate the external
  authentication server. Note that the external authentication server administrator does not need
  to be the Common Component system architect or account administrator. The external
  authentication server administrator must, however, possess the same qualifications as those
  required of system architects and account administrators, as described in subsection 1-1-1.
- Use the functions that belong to the external authentication server selected in (1) in order to
  handle the authentication information. Specify the security parameters as described in
  subsection 1-3-5 for the external authentication server, and use the operational methods
  described in subsection 1-3-5.