Configuring remote authentication

You can configure SAN Volume Controller to use a remote authentication service. Remote authentication allows users of SAN management applications, such as IBM® Tivoli® Storage Productivity Center, to authenticate to the cluster using the authentication service provided by the SAN management application.

Ensure that the remote authentication service is configured for the SAN management application. To complete this task, you should have the following information regarding the remote authentication service:

Web Address for the remote authentication service.
User name and password for HTTP basic authentication. These credentials are created by and obtained from the administrator of the remote authentication service.
SSL certificate.
Note: An SSL certificate is required only if you are using a secure Web address for the remote authentication service.

This task assumes that you have already launched the SAN Volume Controller Console. To enable and configure remote authentication service for the cluster, follow these steps:

In the portfolio, click Manage Authentication > Remote Authentication. The Configuring Remote Authentication panel is displayed.
To enable remote authentication service, select Enable.
Note: You can also disable remote authentication by deselecting Enable.
Enter the following attributes for the remote authentication service:
Service Web Address (IPv4 or IPv6)
Enter the Web address of the remote authentication service. SAN Volume Controller supports both IPv4 or IPv6 network addresses for the remote authentication service. You can use the following characters: a - z, A - Z, 0 - 9, _, ~, :, [, ], %, or /. The maximum length of the Web address is 100 characters. The Web address can have either of the following formats:
- http://network_address:http remote authentication service port number/path_to_service
- https://network_address:https remote authentication service port number/path_to_service
  For example, if the system network IPv4 address is 9.71.45.108, you could enter either of the following corresponding addresses:
  http://9.71.45.108:16310/TokenService/services/Trust https://9.71.45.108:16311/TokenService/services/Trust
  Note:
  To obtain the correct remote authentication service port numbers and service path, consult the documentation for your remote authentication service software.
  
  To use a secure Web address, an SSL certificate in privacy enhanced mail (PEM) format is required.
User Name

Enter the HTTP basic authentication user name that is required to obtain service from the remote authentication server. The user name cannot start or end with a blank. The user name can consist of a string of 1 - 64 ASCII characters with the exception of the following characters: %:",*' .

Password

Enter the HTTP basic authentication password that is required to obtain service from the remote authentication server. The password cannot start or end with a blank. The password can consist of a string of 6 - 64 printable ASCII characters.

Re-enter Password

Re-enter the HTTP basic authentication password.

SSL Certificate

Enter the fully qualified name of the file that contains the SSL certificate in PEM format for the remote authentication service. The maximum file length for the SSL certificate is 2048 bytes. An SSL certificate is required to authenticate to the remote authentication service when a secure Web address is configured.
Click OK.