Data security settings
Table 16 on page 56 shows security features available for supported storage system
storage types.
Table 16 Security features
Storage type Port Protocol Security settings
iSCSI storage 3260 TCP
l
iSCSI host (initiator) level access control is available
through Unisphere (allowing clients to access primary
storage, snapshots, or both).
l
CHAP authentication is supported so that storage system
iSCSI Servers (targets) can authenticate iSCSI hosts
(initiators) that attempt to access iSCSI-based storage.
l
Mutual CHAP authentication is supported so that iSCSI
hosts (initiators) can authenticate storage system iSCSI
Servers.
SMB storage 445 TCP, UDP
l
Authentication for domain and administrative actions is
provided through Active Directory user and group
accounts.
l
File and share access controls are provided through
Windows directory services. SMB share access control
list (ACL) can also be configured through an SMI-S
interface.
l
Security signatures are supported through SMB signing.
l
SMB encryption is provided through SMB 3.0 and
Windows 2012 for those hosts capable of using SMB.
l
Supports optional file-level retention services through
add-on software.
NFS storage 2049 TCP
l
Share-based access control provided through Unisphere.
l
Support for NFS authentication and access control
methods identified in NFS versions 3 and 4.
l
Supports optional file-level retention services through
add-on software.
KDC 88
l
Key Distribution Center. Kerberos server that delivers
Kerberos tickets to connect to Kerberos services.
Backup and restore
l
NDMP security can be implemented based on NDMP
shared secrets.
Data Security Settings
56 EMC Unity All Flash, EMC Unity Hybrid, EMC UnityVSA 4.0 Security Configuration Guide
To Next Page
Loading...
Need help?
General
