The system supports several security-related features that can help protect system data
and resources from unauthorized access.
- User security and authentication
  - The system supports both local users and remote users who are authenticated to the system through a remote authentication service. You can create local users who can access the system. These user types are defined based on the administrative privileges that they have on the system. Local users must provide either a password, a Secure Shell (SSH) key, or both. Local users are authenticated through the authentication methods that are configured on the system. If a local user needs access to the management GUI, the user needs a password. If the user requires access to the command-line interface (CLI) through SSH, either a password or a valid SSH key file is necessary. Local users must be part of a user group that is defined on the system. User groups define roles that authorize the users within that group to perform a specific set of operations on the system.
  - A remote user is authenticated on a remote service with Lightweight Directory Access Protocol (LDAPv3) support. A remote user does not need local authentication methods. With LDAP, having a password and SSH key is not necessary, although SSH keys can optionally be configured. Remote users who need to access the system when the remote service is down also need to configure local credentials. Remote users have their groups defined by the remote authentication service.
- SSL/TLS security controls
  - The system supports a choice of security levels that enforce a minimum level of SSL (Secure Sockets Layer)/TLS (Transport Layer Security) that can be used to access the system. Only clients that support the minimum SSL/TLS level that is enforced by the system are able to establish secure connections.
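
The access rules in the user security and authentication item can be checked against an account inventory. The following is an added example, not code from the system or its documentation: the `User` record, the group names, and the sample accounts are constructed, and it assumes a remote user can reach both the GUI and the CLI while the remote service is available.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class User:
    name: str
    remote: bool                  # True: authenticated by the remote (LDAP) service
    has_password: bool = False    # local password configured
    has_ssh_key: bool = False     # local SSH key configured
    group: Optional[str] = None   # local user group; remote users get groups from LDAP

def interfaces(user: User, remote_service_up: bool = True) -> set:
    """Interfaces the user can log in to, following the rules in the text."""
    if user.remote and remote_service_up:
        return {"gui", "cli"}     # assumption: directory credentials cover both
    if not user.remote and user.group is None:
        return set()              # local users must belong to a user group
    allowed = set()
    if user.has_password:
        allowed |= {"gui", "cli"} # a password works for the GUI and for CLI over SSH
    if user.has_ssh_key:
        allowed.add("cli")        # an SSH key alone gives CLI access only
    return allowed

def audit(users):
    """Return (name, finding) pairs for accounts that need attention."""
    findings = []
    for u in users:
        if not u.remote and u.group is None:
            findings.append((u.name, "local user is not in a user group"))
        elif not u.remote and not interfaces(u):
            findings.append((u.name, "local user has no password or SSH key"))
        elif u.remote and not interfaces(u, remote_service_up=False):
            findings.append((u.name, "no local credentials: locked out if the remote service is down"))
    return findings

# Constructed sample inventory (not output from the system).
USERS = [
    User("admin1", remote=False, has_password=True, group="admins"),
    User("script1", remote=False, has_ssh_key=True, group="monitors"),
    User("ldap_ops", remote=True),
    User("ldap_oncall", remote=True, has_ssh_key=True),
    User("orphan", remote=False, has_password=True),
]

if __name__ == "__main__":
    for name, finding in audit(USERS):
        print(f"{name}: {finding}")
```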