Security
■
Solution Overview
Unauthorized access can be monitored by using the ETERNUS DX's audit log collection and transfer function. Use
acquired audit log information as audit trail information to monitor and track suspicious operations and access.
Centralized administrative control of SED authentication keys in an external server can be performed by linking
with the key server. Even if a data drive in the ETERNUS DX is stolen, data leakage can be prevented by safely
storing the authentication key. Automatic updating of the authentication key on a periodic basis also enhances
the security of the entire system.
Key groups
- as audit information when
system audits are performed
- to monitor and report the
storage system status
Audit logs are used
Syslog server
Management LAN
Information such as
the storage system name,
the user information,
the process time,
the process details,
and the process results
Log in
↓
Change settings
↓
Log out
Audit log
System administrator
Auditor
ETERNUS DX
SED SED SED SED
RAID group #0
SED SED SED SED
RAID group #1
ETERNUS SF KM
The authentication key is
updated periodically according
to the specified schedule
Key server
■
Configuration Procedure
Use the ETERNUS DX to enable the audit log transmission function and to register the Syslog server as the
destination to which audit logs are sent.
When key management server linkage is used, set up SED key management in the operation management
server (ETERNUS SF KM). Use the ETERNUS DX to create a key group and to register the key server. Keys are
created in the operation management server. The ETERNUS DX requests the key to be extracted from the
operation management server or requests the key to be updated when required.
● Required Environment
A Syslog server is required for the destination for the transmission of the audit log that is collected.
Note that ETERNUS SF KM is required when linking with the key management server.
11. Solution Configuration
Security
202 Configuration Guide (Basic)
To Next Page
Loading...
