No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Disk Encryption User Guide

OceanStor Dorado V3 Series V300R001

This document is applicable to OceanStor Dorado5000 V3, Dorado6000 V3 and Dorado18000 V3. This document introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Users

Managing Users

This section describes how to manage users of the key management server such as creating users and changing the password or password policy.

Creating an Administrator User

This section describes how to create an administrator user.

Prerequisites
  • Only users having the High Access Administrator permission can perform this operation.
  • At least two users having the High Access Administrator permission have been created. If the password of account admin is forgotten, you can use the created users to configure and manage the key management server.
Procedure
  1. Log in to the key management server web interface as user admin.
  2. Choose Device > Administrators > Administrators.

    The Administrator Configuration page is displayed, as shown in Figure 4-47.

    Figure 4-47 User list

  3. Click Create Local Administrator.

    The Create Local Administrator page is displayed, as shown in Figure 4-48.

    Figure 4-48 Creating a user

  4. Configure information such as the user names and passwords for the created users, and grant permission based on requirements.

    • If you need to create a user having the High Access Administrator permission, select High Access Administrator. The system automatically grants all permission for the user.
    • If you need to create an administrator with specified permission, do not select High Access Administrator. Grant corresponding permission in the permission list in the lower part of this page.

  5. Click Create.

    The newly created users will be displayed in the user list.

    NOTE:

    To improve system security, the passwords must be changed when the created users log in to the server for the first time.

Creating a Local User

This section describes how to create a local user. When the key management server authenticates a storage system using the Key Management Interoperability Protocol (KMIP), it identifies the storage system based on the user.

Prerequisites

To ensure that the key management server can identify the storage system successfully, the local user name of the key management server must be set to Storage, which is the same as the OU value in the signed certificate of the storage system.

You can query the OU value as follows:

  1. Double-click the certificate.
  2. Click the Detail tab, and select User. You can view the OU value in the lower pane.

Context

Create at least one local user.

Procedure
  1. Log in as the admin user to the key management server's web interface.
  2. Choose Security > Users & Groups > Local Authentication > Local Users & Groups.

    The User & Group Configuration page is displayed, as shown in Figure 4-49.

    Figure 4-49 Local user page

  3. In the Local User area, click Add.

    Figure 4-50 shows the page that is displayed.

    Figure 4-50 Local user information setting page

  4. Set user information.

    Table 4-13 User parameters

    Parameter

    Description

    Setting

    Username

    Name of the new user. You are advised to set the value to Storage.

    [Example]

    Storage

    Password

    Password of the new user.

    [Example]

    admin@123

    User Administration Permission

    Permission to create, modify, and delete a user or user group.

    [Example]

    Not selected

    [Recommended value]

    Not selected

    Change Password Permission

    Permission to modify a user's own password.

    [Example]

    Not selected

    [Recommended value]

    Not selected

    The name of the new user must be the same as the value of OU (Storage by default) in the certificate signed in the storage system. If the name is different from the OU value, the storage system and key management server may fail to be authenticated.

  5. Click Save.

    The new user is displayed in the user list.

Changing the Password

This section describes how to change the password of the current login user.

Prerequisites

Users can only change their own passwords.

Procedure
  1. Log in to the key management server web interface.
  2. Choose Device > Administrators > Password Management.

    The Administrator Configuration page is displayed, as shown in Figure 4-51.

    Figure 4-51 Changing the password

  3. In the Change Your Password area, enter the original password and the new password of the current login user. Confirm the new password and click Change Password.

    The system displays a message indicating that the password is changed successfully, as shown in Figure 4-52.

    Figure 4-52 Password changed successfully

  4. Log in to the server using the new password.

Modifying a Password Policy

This section describes how to modify a password policy.

Prerequisites

Only users having the High Access Administrator permission can modify the password policy.

Procedure
  1. Log in to the key management server web interface.
  2. Choose Device > Administrators > Password Management.

    The Administrator Configuration page is displayed.

  3. Click Edit.

    Figure 4-53 shows the page.

    Figure 4-53 Modifying the password policy

  4. In Password Expiration, enable or disable the password expiration function. If you enable it, configure the maximum validity period (365 days). In Password History, enable or disable the historical password recording function. If you enable it, configure the number of historical passwords (1 to 25). The historical passwords cannot be used when you configure new passwords. In Minimum Password Length and Password Must Contain At Least One, configure the minimum length of the password and the password elements. Click Save.

    The password policy is changed successfully.

Translation
Download
Updated: 2018-11-01

Document ID: EDOC1000159246

Views: 33005

Downloads: 199

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next