Directory Services Setup and Configuration

Directory Services on FlashArray

Audience
Public
Product
FlashArray > FlashArray Directory Services
FlashArray
FlashArray > Purity//FA
Source Type
Documentation

Directory Services provides secure FlashArray administration through role-based, multi-user access control.

Support

Our Directory Services implementation is supported for the following:

  • Windows Active Directory
  • OpenLDAP (Purity 4.7.0+ required)

Note: OpenLDAP 389DS is supported only on Purity v.5.2.0 and greater.

Role-Based Access Control

  • Directory Services Provides Role Based Access Control (RBAC) through integration with Windows Active Directory by using the groups defined in AD for restricting access to the FlashArray.
  • Designated Windows users may log into the Pure Array using their Windows domain credentials.
  • Access is granted when a user in the Windows Domain is made a member of one of four Pure Groups which you will create in AD. To the FlashArray, each Group has its own level of access: Array Admin Access, Storage Admin Access, Ops Admin Access, and Read-only Access. (For more detailed information, please visit RBAC Command Access List - Role Based Access Controls).

Security

  • There are no shared logins. With Directory Services, a user will use their own Windows Credentials to log into the FlashArray.
  • You can limit access. Activity and level of activity can be controlled remotely by assigning Windows User accounts as members to Pure Groups in Active Directory.
  • Access can be granted to or revoked from users remotely from within Active Directory.
  • There is support for SSL and TLS (ldaps://) to encrypt passwords.

Audit Trail

Audit trails are provided by the user. They track logins and activity.