HP StorageWorks XP Command View Advanced Edition Common Component Security Guide Description and Operator's Guide (T1780-96308, July 2009)

Creating a System
Command View Advanced Edition Common Component authentication function. The existing
authentication function method will hereafter be called internal authentication, and the external
authentication server method will be called external authentication.
4-7-1 Linking to an External Authentication Server
For details about how to link to an LDAP directory or RADIUS server, see the following table.
Table 4-11 Software Necessary To Link to an External Authentication Server

| Management software being used | See: |
|---|---|
| XP Command View Device Manager | HP StorageWorks XP Command View Advanced Edition software server installation and configuration guide for Device Manager and Provisioning Manager, 5-7 Linking to an external authentication server |
| XP Command View Replication Manager | -- |
4-7-2 Providing Security Equivalent to Internal Authentication
To protect an external authentication server against threats and to provide a level of security that is
equivalent to internal authentication, make sure that the requirements below are satisfied when
selecting, installing, and running an LDAP directory or RADIUS server.
4-7-2-1 Selecting an External Authentication Server
When selecting an external authentication server, make sure that the following requirements are
satisfied in order to protect the external authentication server against threats:
- Select an external authentication server that can specify security parameters for passwords, as described in 1-3-5 Management of User Authentication Information, in order to ensure that the reliability of passwords is equivalent to that of the passwords used by internal authentication.
- Select an external authentication server that can use the account locking function. The account locking function is also used by internal authentication and ensures that the system is protected against brute force attacks.
4-7-2-2 Installing an External Authentication Server
When installing an external authentication server, make sure that the following requirements are
satisfied to protect the external authentication server against communication threats between the
external authentication server and the management server:
- Install an external authentication server in a data center, as defined in 1-3-2 Hardware Management.
- If an external authentication server and management server are not installed in the same data center, the communication paths between them must be protected. Use the third method listed in 1-3-4 Network Management to protect the communication paths between the external authentication server and management server.
Note that HP StorageWorks XP Command View Advanced Edition Common Component supports
the use of StartTLS for LDAP directory servers in order to protect communication paths.
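One way to check a candidate LDAP directory against the selection requirements in 4-7-2-1 and the StartTLS support noted in 4-7-2-2, as an added example that is not part of the HP guide: it parses LDIF exported from the directory and tests for the StartTLS extension OID and for password-policy and lockout attributes. It assumes the directory uses the draft-behera pwdPolicy schema (for example the OpenLDAP ppolicy overlay); the sample LDIF, the function names and the minimum-length threshold are constructed for illustration and are not values from section 1-3-5.

```python
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation
# Constructed sample (shaped like ldapsearch LDIF output), not from a real server.
SAMPLE_LDIF = """\
# root DSE
dn:
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466.
 20037

dn: cn=default,ou=policies,dc=example,dc=com
objectClass: pwdPolicy
pwdMinLength: 8
pwdLockout: TRUE
pwdMaxFailure: 5
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # skip comments
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():                # a blank line ends the current entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        name, _, value = line.partition(":")
        cur.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def check_server(entries, min_length=8):    # min_length is an assumed threshold
    """Return which of the guide's requirements the exported data satisfies."""
    first = lambda e, attr, default: e.get(attr.lower(), [default])[0]
    exts = {v for e in entries for v in e.get("supportedextension", [])}
    pols = [e for e in entries if "pwdpolicy" in map(str.lower, e.get("objectclass", []))]
    return {
        "starttls": STARTTLS_OID in exts,
        "password_policy": any(int(first(p, "pwdMinLength", "0")) >= min_length for p in pols),
        "account_locking": any(first(p, "pwdLockout", "FALSE").upper() == "TRUE"
                               and int(first(p, "pwdMaxFailure", "0")) > 0 for p in pols),
    }

if __name__ == "__main__":
    print(check_server(parse_ldif(SAMPLE_LDIF)))
```

A pwdMaxFailure of 0 is treated as no lockout, since under that schema a zero limit means failed attempts never lock the account.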
4-7-2-3 Running an External Authentication Server
When running an external authentication server, make sure that the following requirements are
satisfied in order to protect the external authentication server against threats: