Directory Services provides secure FlashArray administration through role-based, multi-user access control.
Support
Our Directory Services implementation is supported for the following:
- Windows Active Directory
- OpenLDAP (Purity 4.7.0+ required)
Note: OpenLDAP 389DS is supported only on Purity v.5.2.0 and greater.
Role-Based Access Control
- Directory Services Provides Role Based Access Control (RBAC) through integration with Windows Active Directory by using the groups defined in AD for restricting access to the FlashArray.
- Designated Windows users may log into the Pure Array using their Windows domain credentials.
- Access is granted when a user in the Windows Domain is made a member of one of four Pure Groups which you will create in AD. To the FlashArray, each Group has its own level of access: Array Admin Access, Storage Admin Access, Ops Admin Access, and Read-only Access. (For more detailed information, please visit RBAC Command Access List - Role Based Access Controls).
Security
- There are no shared logins. With Directory Services, a user will use their own Windows Credentials to log into the FlashArray.
- You can limit access. Activity and level of activity can be controlled remotely by assigning Windows User accounts as members to Pure Groups in Active Directory.
- Access can be granted to or revoked from users remotely from within Active Directory.
- There is support for SSL and TLS (ldaps://) to encrypt passwords.
Audit Trail
Audit trails are provided by the user. They track logins and activity.