Configuring security
You can configure security, including role groups, authentication server, user-account security settings, cryptography, and certificates.
Procedure
Complete the following steps to configure security.
- From the Initial Setup page, click Configure Additional Security Settings. The Security page is displayed.
- Create customized role groups to manage authorization and access to resources (see Creating a custom role group).
A role group is a collection of one or more roles and is used to assign those roles to multiple users. The roles that you configure for a role group determine the level of access that is granted to each user that is a member of that role group. Each XClarity Administrator user must be a member of at least one role group.
- Configure the authentication server (see Managing the authentication server).
The authentication server is a Microsoft Active Directory (LDAP) server that is used to authenticate user credentials. XClarity Administrator uses a single authentication server for central user management of all managed devices (except Flex switches). When a device is managed by XClarity Administrator, the managed device and its installed components (except Flex switches) are configured to use the XClarity Administrator authentication server. User accounts that are defined in the authentication server are used to log in to XClarity Administrator, CMMs, and baseboard management controller.
You can choose to use an external authentication server instead of the local authentication server on the management node.
- Configure the user-account security settings, which control the password complexity, account lockout, and web-session inactivity timeout (see Changing the user-account security settings).
- Configure the cryptography setting that defines the communication modes and protocols that control the way that secure communications are handled between XClarity Administrator and the managed devices (see Configuring cryptography settings on the management server)
- If you plan to manage rack servers using local authentication instead of XClarity Administrator managed authentication, create one or more stored credentials that correspond with active user accounts on the device or in Active Directory that can be used to log in to the devices during the management process. For more information about stored credentials, see Managing stored credentials.
- If you plan to use a customized server certificate that includes your own information or use an externally-signed certificate, generate and deploy the new certificate before you begin managing systems. For information about generating your own security certificate, see Working with security certificates.
- From the vertical menu on the Security page, click Return to Initial Setup.