No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor BCManager 6.5.0 eReplication User Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of Account Information

Overview of Account Information

To ensure system security, you are advised to periodically change the passwords of accounts in eReplication by following related password changing methods. Otherwise, security risks may exist.

Table 7-12 lists common default login accounts.

Table 7-12  Common login accounts
Category Description Default Account User Permission Password Protection Mechanism

eReplication account

eReplication GUI login account

User name: admin

Password: Admin@123

This account is used to log in to GUI and has the rights of the super administrator.

The account is locked for three minutes after five consecutive incorrect passwords are entered. You can change the lock period in the security policy.

eReplication northbound REST interface authentication account

Username: user-definable

NOTE:
When creating such a user, the administrator group must be set to NBIRole.

To ensure the security of a disaster recovery (DR) system, an NBI user role named NBIRole is provided. This user role assigns a third-party system the permission to interconnect with the disaster recovery system using a REST interface.

Disaster recovery system administrators can create an NBIRole user, allocate resources to the user, and provide the user to a third-party system. Then the third-party system can access the resources allocated to the user after passing the REST northbound authentication. However, an NBIRole user can only be used by a third-party system to interconnect with the disaster recovery system, but cannot be used to log in to the disaster recovery system through a portal.

A third-party storage system can use other roles, such as administrators, operators, and observers, to interconnect with the disaster recovery system as long as these roles have sufficient resource access and operation permissions and have been allocated to the third-party system by the disaster recovery administrator. As these roles can log in to the disaster recovery system though a portal, you are advised to allocate NBIRole users to third-party systems to ensure the security of the disaster recovery system.

The IP address is locked for 30 minutes if ten consecutive incorrect passwords are entered. If one correct password is entered, the counting of incorrect passwords starts from 0 again.

REST NBI authentication account in remote DR mode and when two eReplication are deployed

Username: SyncAdmin

Password: Admin1@BCM

This account is used for the communication between two eReplication servers, and cannot be used by a third-party system or to log in to eReplication for system maintenance.

The IP address is locked for 30 minutes if ten incorrect passwords are entered.

eReplication operating system account

eReplication administrator account of the operating system

User name: root

Password:
  • Installed using a template: Huawei@CLOUD8!
  • Installed using the software package: user-definable

This account has the rights of an operating system administrator.

The account is locked for five minutes after five consecutive incorrect passwords are entered.

eReplication account for running background processes

  • In Linux:
    • Username: ICUser
    • Password: Huawei@CLOUD8
  • In Windows:
    • Username: NETWORK SERVICE
    • Password: none

This account is used to run background processes.

  • In Linux, it is risky to run background processes as user root. It is recommended that account ICUser with lower permission be used for running these processes.

    User ICUser belongs to user group LEGO and cannot remotely log in to the system. User ICUser, default user directory /home/ICUser, and user group LEGO will not be deleted when eReplication is uninstalled. You can manually delete them when necessary.

  • In Windows, it is risky to run background processes as the administrator. It is recommended that account NETWORK SERVICE with lower permission be used for running these processes.

The account is locked for five minutes after five consecutive incorrect passwords are entered.

eReplication account for running the monitor process

  • In Linux:
    • Username: ICUser
    • Password: Huawei@CLOUD8
  • In Windows:
    • Username: SYSTEM
    • Password: none

This account is used to run the monitor process.

  • In Linux, it is risky to run the monitor process as user root. It is recommended that account ICUser with lower permission be used for running the process.

    User ICUser belongs to user group LEGO and cannot remotely log in to the system. User ICUser, default user directory /home/ICUser, and user group LEGO will not be deleted when eReplication is uninstalled. You can manually delete them when necessary.

  • In Windows, it is risky to run the monitor process as the administrator. It is recommended that account SYSTEM with lower permission be used for running the process.

The account is locked for five minutes after five consecutive incorrect passwords are entered.

eReplication account for running foreground processes

  • In Linux:
    • Username: Tomcat
    • Password: none
  • In Windows:
    • Username: NETWORK SERVICE
    • Password: none

This account is used to run foreground processes only.

  • In Linux, it is risky to run foreground processes as user root. It is recommended that account Tomcat with lower permission be used for running these processes. After eReplication is installed, the Tomcat account is automatically created. By default, the Tomcat account cannot be used for interactive login. User Tomcat belongs to user group LEGO. User Tomcat, default user directory /home/Tomcat, and user group LEGO will not be deleted when eReplication is uninstalled. You can manually delete them when necessary.
  • In Windows, it is risky to run foreground processes as the administrator. It is recommended that account NETWORK SERVICE with lower permission be used for running these processes.
-

eReplication maintenance account

  • In Linux:
    • User name: DRManager
    • Password: Huawei@CLOUD8
  • In Linux, after eReplication is installed, the DRManager is automatically created. This account is used to interconnect with SmartKit to collect information and perform inspection for servers.

    User DRManager belongs to user group LEGO. User DRManager, default user directory /home/DRManager, and user group LEGO will not be deleted when eReplication is uninstalled. You can manually delete them when necessary.

The account is locked for five minutes after five consecutive incorrect passwords are entered.

Operating system account used to run databases

  • In Linux:
    • Username: GaussDB
    • Password: none
  • In Windows:
    • Username: NETWORK SERVICE
    • Password: none

This account is used to run databases only and cannot be used for login.

In Linux, user GaussDB belongs to user group LEGO.

-

OS grub booting program

  • In Linux:
    • User name: root
    • Password: Huawei#12
      NOTE:
      Only in the template-based deployment, the default password of grub is Huawei#12.

The grub booting program is used to boot the operating system for starting.

-

eReplication database account

eReplication database default account

User name: GaussDB

Password:
  • Installed using a template: BCM@GaussDB123
  • Installed using the software package: user-definable

This account has the highest database permission, including all system and object permissions.

-

eReplication database access account

User name:
  • Installed using a template: RDDBuser
  • Installed using the software package: RDDBuser and can be self-defined
Password:
  • Installed using a template: BCM@GaussDB123
  • Installed using the software package: user-definable

This account is used to access the database.

The account is locked for 24 hours if ten consecutive incorrect passwords are entered. If one correct password is entered, the counting of incorrect passwords starts from 0 again.

eReplication agent account

Account used to start the eReplication agent

  • In Linux, AIX, HP-UX, and Solaris:
    • Username: rdadmin
    • Password: user-definable
  • In Windows:
    • Username: SYSTEM
    • Password: none
  • In Linux, AIX, HP-UX, and Solaris, it is risky to start the eReplication agent service as user root. It is recommended that account rdadmin with lower permission be used for starting this service. When installing the eReplication agent, you need to manually create the rdadmin account and set the login password for the account.
  • In Windows, it is risky to start the eReplication agent service as the administrator. It is recommended that account SYSTEM with lower permission be used for starting the service.

-

Account for running the RdAgent and RdProvider services of the eReplication Agent
  • In Linux, AIX, HP-UX, and Solaris:
    • Username: rdadmin
    • Password: user-definable
  • In Windows:
    • Username: SYSTEM
    • Password: none
  • In Linux, AIX, HP-UX, and Solaris, it is risky to run the RdAgent and RdProvider services as user root. It is recommended that account rdadmin with lower permission be used for running the services. When installing the eReplication agent, you need to manually create the rdadmin account and set the password for the account.
  • In Windows, it is risky to run the RdAgent and RdProvider services as the administrator. It is recommended that account SYSTEM with lower permission be used for running the services.

-

Account for running the RdMonitor and RdNginx services of the eReplication agent
  • In Linux, AIX, HP-UX, and Solaris:
    • Username: rdadmin
    • Password: user-definable
  • In Windows:
    • Username: rdadmin
    • Password: Huawei@123
  • In Linux, AIX, HP-UX, and Solaris, it is risky to run the RdMonitor and RdNginx services as user root. It is recommended that account rdadmin with lower permission be used for running the services. When installing the eReplication agent, you need to manually create the rdadmin account and set the password for the account.
  • In Windows, it is risky to run the RdMonitor and RdNginx services as the administrator. It is recommended that account rdadmin with lower permission be used for running the services. During the eReplication agent installation, the system automatically creates the rdadmin account.

-

eReplication agent login account

Username: user-definable

Password: user-definable

The eReplication agent login account is defined by users. The username of the account cannot be changed, but its password can be changed. The account is used for authentication.

The IP address is locked for 15 minutes if three incorrect passwords are entered.

Account for reporting alarms using SNMPv3

Account and default parameters for the agent to report alarms using SNMPv3

Username: rdadmin

Authentication password: BCM@DataProtect6

Authentication protocol: HMAC_SHA1 or HMAC_SHA2

Data encryption protocol: AES

Data encryption password: BCM@DataProtect8

This account is used by the agent to report alarms using SNMP v3.

-

VRG operating system account

VRG operating system account

Username: root

Password: Huawei@CLOUD8!

This account has the rights of an operating system administrator.

The account is locked for five minutes after three incorrect passwords are entered.

VRG operating system account (service account)

Username: gandalf

Password: Huawei@CLOUD8

This account has the rights of a common operating system user and can be used to operate services.

The account is locked for five minutes after three incorrect passwords are entered.

Operating system grub boot program

grub password: Admin123#

This program is used to boot the start of the operating system.

-

VRG system internal account

VRG NBI REST interface authentication account

Username: admin

Password: Huawei@CLOUD8!

This account has the rights of the system administrator.

The account is locked for five minutes after three incorrect passwords are entered.

Account for the VRG agent to report alarms using SNMPv3

Username: admin

Password: none
NOTE:
By default, the VRG has no password after being installed. You need to follow instructions in Changing the Password of the Alarm Reporting Account of the VRG's SNMP Agent to initialize passwords.

This account is used by the VRG agent to report alarms using SNMP v3.

-

VRG pairing authentication account

Username: none

Password: Huawei@CLOUD8!

This account is used for VRG pairing authentication.

-

System account

System account for clearing alarms

Username: system

User system represents the system but not a real user in the system.

-

Table 7-13 lists internal accounts of the OS.
Table 7-13  OS internal accounts

Account

Description

Account Authority

bin

System account of the bin service

In Linux, when the template-based installation mode is used, the OS provides system accounts. External users cannot log in to the Linux system using these accounts.

daemon

System account used to manage background processes

adm

adm account

lp

System account of the print service

sync

System account of the sync service

shutdown

System account of the shutdowm service

halt

System account of the shutdowm service

mail

System account of the mail service

operator

Operator account

games

Games account

ftp

System account of the FTP daemon

nobody

Account that does not belong to any privileged group, does not own any file, and only has the basic rights as those of other users

dbus

System account of the dbus service

tss

System account used for trusted computing

polkitd

System account of the polkit service

ntp

System account of the NTP daemon

sshd

System account of the SSH daemon

avahi-autoipd

Avahi IPv4LL account

libstoragemgmt

Account of the libStorageMgmt daemon process

systemed-bus-proxy

Bus agent account of Systemd

systemed-network

Network service account of Systemd

Translation
Download
Updated: 2019-05-21

Document ID: EDOC1100075861

Views: 14269

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next