Role-Based Access Control (User & Provider Management in the VAST Management System) скачать в хорошем качестве

Role-Based Access Control (User & Provider Management in the VAST Management System)

This video from VAST Data Customer Education provides an in-depth explanation of Role-Based Access Control (RBAC) within the VAST Management System (VMS). For storage administrators looking to integrate VAST cluster administration with their existing Active Directory (AD) or OpenLDAP infrastructure, this guide covers how to delegate VMS access based on group membership. We begin by clarifying that VMS RBAC is entirely group-based; individual users are not managed directly within VAST. Once a group is defined with specific rights, any user added to that group in AD or OpenLDAP will automatically gain the corresponding VMS administrative access, simplifying user management. Password management for these users remains with the external identity provider. The tutorial details the necessary steps to enable an identity provider for VMS authentication: Editing the provider configuration to enable the "VMS authentication provider" option. The crucial requirement that this provider must be configured as part of a tenant (even if the tenant serves no other purpose for VMS 5.2 and earlier). A strong emphasis on ensuring encrypted connections (Start TLS or LDAPS) for the chosen provider to maintain security. The core of VMS RBAC is defined through roles. The video explains how VAST provides several predefined roles (e.g., Events, Hardware, Logical, Monitoring, Security, Settings, Support), to which existing AD/LDAP groups can be assigned. While predefined role permissions are fixed, the demonstration shows how to create new roles with custom access definitions. A key highlight is the introduction of custom realms (available from VAST 5.2 onwards), enabling granular permission control. This allows administrators to define roles with very specific access, such as a "Quota Administrator" role that can only manage quota-related entities and operations (create, view, edit, delete). Finally, the video briefly covers the VMS login process, detailing how the system authenticates users against the configured external provider and caches group lookup information for efficient session management. This comprehensive tutorial equips VAST Data operators with the knowledge to implement robust access control, delegate administrative tasks, and secure their VAST cluster management through seamless integration with their existing directory services. Keywords: VAST Data, VAST Management System, VMS, RBAC, Role-Based Access Control, Active Directory, AD, OpenLDAP, LDAP, identity provider, user management, group-based access, authentication, authorization, VAST cluster, storage administrator, data storage operator, product tutorial, VMS authentication, encrypted connection, Start TLS, LDAPS, predefined roles, custom roles, custom realms, granular permission, logical realm, security, network security, access control.