Managing security
The system supports several security-related features that can help protect system data and resources from unauthorized access.
- User security and authentication
- The system supports both local users and remote users who are authenticated to the system through a remote authentication service. You can create local users who can access the system. User types are defined based on the administrative privileges that they have on the system. Local users must provide either a password, a Secure Shell (SSH) key, or both. Local users are authenticated through the authentication methods that are configured on the system. If a local user needs access to the management GUI, the user must have a password. If the user requires access to the command-line interface (CLI) through SSH, either a password or a valid SSH key file is necessary. Local users must be part of a user group that is defined on the system. User groups define roles that authorize the users within that group to perform a specific set of operations on the system.
A remote user is authenticated on a remote service with Lightweight Directory Access Protocol (LDAPv3) support. A remote user does not need to be added to the list of users on the system, although they can be added to configure optional SSH keys. Remote users cannot access the system when the remote service is down. In that case, a local user account must be used until the remote service is restored. Remote users have their groups defined by the remote authentication service.
- SSL/TLS security controls
- The system supports a choice of security levels, including higher levels, to enforce a minimum level of SSL (Secure Sockets Layer)/TLS (Transport Layer Security) that can be used to access the system. Only clients that support the minimum SSL/TLS level that is enforced by the system are able to establish secure connections.