APPLICATION NOTE

Using DirectControl with EMC Celerra Network Server

Integrating EMC Celerra Network Server and Centrify DirectControl to ensure that users in a multiprotocol environment are granted the proper permissions regardless of how they access files

Published: 26 October 2006

EMC Celerra Network Servers enable enterprises to provide a highly available and scaleable data storage service that simultaneously supports multiple client access protocols, including NFS, CIFS and iSCSI. Although multiprotocol support makes it easy for these servers to support different operating systems, it also means that the same user may be logged in to these different operating systems while trying to gain access to files. The challenge in these multiprotocol environments is to maintain the security of the files stored in the system and to ensure that the user's identity is mapped correctly among the systems to ensure proper file permissions are granted regardless of how the user accesses the files.

To ensure that the user is granted proper access to files stored within the Celerra Network Server, the user's identity must be consistently defined from both UNIX and Windows operating systems from the Celerra Network Server's point of view. The user's identity on the host UNIX system is typically shared between the Celerra Network Server and the UNIX system by using either NIS or LDAP as a common repository. However, when a Windows user is trying to access files on the Celerra Network Server, the user's Windows account must be mapped to an appropriate UNIX identity in order to grant access.

Centrify provides a mechanism for centrally managing the mapping data. This application note describes the various ways to integrate the Celerra Network Servers with the mapping data that DirectControl maintains for users and groups.