No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Disk Encryption User Guide

OceanStor Dorado V3 Series V300R001

This document is applicable to OceanStor Dorado5000 V3, Dorado6000 V3 and Dorado18000 V3. This document introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Users

Managing Users

User management includes creating users, changing passwords, and modifying password rules.

Creating an Administrator User

This section describes how to create an administrator.

Prerequisites
  • Only an administrator can perform this operation.
  • Create at least two users in the administrator role. So that you can manage and configure the key management server using one of the two newly created users, in case that the password of user admin is forgotten.
  • Record the system generated passwords of the newly created users, and change the passwords in a timely manner.
Procedure
  1. Log in to the key management server web interface as an administrator.
  2. Click the Users tab and click Add User.

    The Add User window is displayed, as shown in Figure 3-78.

    Figure 3-78 Creating an administrator

  3. Set parameters.

    Table 3-21 Administrator user parameters

    Name

    Description

    Value

    Login name

    User name

    [Value range]

    The user name can contain a maximum of 32 characters.

    [Example]

    admin2

    Description

    User description

    [Example]

    User

    Role

    Role of a user. Possible values are as follows:

    • Administrator
    • Unassigned

    In this case, set the role to Administrator.

    [Example]

    Administrator

    Password expiration

    Password validity period

    [Example]

    120 days

    Auto-Logout

    Automatic logout time. If no operations are performed on the system in the set duration time, the user automatically logs out.

    [Value range]

    5 minutes to 50 minutes

    [Example]

    5

    Email address

    Email address used by the new user to receive messages

    [Example]

    xxx@xxx.com

    Confirm Email address

  4. Click Add User.

    The newly created users will be added to the existing user list. Passwords are randomly generated and prompted on the interface. Record them and change them accordingly.

    NOTE:

    Safely keep the system generated passwords for follow-up use.

  5. Log in to the key management server web interface using a newly created user and the system generated password, and change the passwords following the Changing Passwords.

Creating a Non-administrator User

Before creating users in the roles of security officer, recovery officer, or auditor, you need to create a user with unassigned roles.

Prerequisites

Create at least two users in the role of security officer and two users in the role of recovery officer. Then you can manage and configure the key management server using the newly created users, in case that passwords of user officer and user recovery are forgotten.

Procedure
  1. Add users using user admin.

    1. Log in to the key management server web interface as user admin.
    2. Click the Users tab and click Add User.

      The Add User window is displayed, as shown in Figure 3-79.

      Figure 3-79 Creating a user

    3. Set parameters.
      Table 3-22 Unassigned user parameters

      Name

      Description

      Value

      Login name

      User name

      [Value range]

      The user name can contain a maximum of 32 characters.

      [Example]

      admin2

      Description

      User description

      [Example]

      User

      Role

      Role of a user. Possible values are as follows:

      • Administrator
      • Unassigned

      In this case, set the role to Unassigned.

      [Example]

      Unassigned

      Password expiration

      Password validity period

      [Example]

      120 days

      Auto-Logout

      Automatic logout time If no operations are performed on the system in the set duration time, the user automatically logs out.

      [Value range]

      5 minutes to 50 minutes

      [Example]

      5

      Email address

      Email address used by the new user to receive messages

      [Example]

      xxx@xxx.com

      Confirm Email address

    4. Click Add User.

      The newly created users will be added to the existing user list. Passwords are randomly generated and prompted on the interface. Record the passwords for follow-up use, as shown in Figure 3-80.

      Figure 3-80 Successfully creating a user

  2. Use user officer to assign roles and permissions to the new users.

    1. Log in to the key management server web interface as user officer.
    2. Click the User tab.

      The Users window is displayed.

    3. Find a newly created user in the user list and click its user name.

      The Edit User window is displayed, as shown in Figure 3-81.

      Figure 3-81 Configuring user permissions

    4. Set parameters.
      Table 3-23 User parameters

      Name

      Description

      Value

      User smart card authentication

      Enable or disable user smart card authentication.

      [Example]

      Disable

      Role

      Specify a role for a user.

      • Officer: The user's role is a security officer.
      • Manager: The user's role is a group manager.
      • Recovery: The user's role is a recovery officer.
      • Audit: The user's role is an audit officer.

      [Example]

      Manager

      Manageable group

      Select groups to be managed by a group manager.

      [Example]

      storagepoc.com/kmipgroup2

      Visible group

      Select groups to be visible to a group manager. A group manager only has the read permission for these groups.

      [Example]

      storagepoc.com/kmipgroup

    5. Click Save.

  3. Log in to the key management server web interface using a newly created user and the system generated password, and change the passwords following the Changing Passwords.

Changing Passwords

To ensure security, change passwords of new users upon their creation, or periodically change passwords for existing users.

Prerequisites
  • You can change a password for a maximum of three times within 24 hours.
  • Keep the changed passwords properly.
Procedure
  1. Log in to the web interface using the user whose password is to be changed.
  2. Click the User tab.
  3. In the user list, find the current user name, and click.

    The Change User Password window is displayed, as shown in Figure 3-82.

    Figure 3-82 Changing passwords

  4. In the Old password, enter the current password, and enter the new password respectively in New password and Confirm password. Click Change Password.

    NOTE:

    The new password cannot be the same as any of the ten passwords set previously.

  5. Click Change Password.

    The password change is completed.

Translation
Download
Updated: 2018-11-01

Document ID: EDOC1000159246

Views: 32800

Downloads: 199

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next