
Please update HPE Nimble Storage to version 5.0.x or newer to employ AD Integration using SMB2.x

 
Chris_Lionetti
HPE Pro

So Nimble Storage has been able to join a Microsoft Active Directory domain from day 1, and this allows you to let AD Authenticate users to the Nimble array without the need to create an account for each user.

The best practice here is to create an AD Group for each of the different levels of Nimble Privileges (at the least). This means I would want to create Windows AD groups and map them to built-in roles as follows:

  • NimbleAdmins --> Nimble Admin Role
  • NimblePowerUsers --> Nimble PowerUser Role
  • NimbleOperators --> Nimble Operator Role
  • NimbleGuests --> Nimble Guest Role

As with all things security you want to employ a least-privilege mode, where you evaluate who needs what access. As an example, if I have an account that is used for auditing and SCOM integration, it really only needs read access, so it can survive with a guest account. The Regular operators are limited to creation of volumes and snapshots and clones, but lack the ability to delete. My power users get much more control, but lack the ability to change the hardware and network settings of the controllers.

You can check out the Administrators guide for a list of exactly which privileges are reserved for which roles.

One of the weaknesses of older versions of the Nimble OS was the use of SMB1.0 which lacks sophisticated encryption, while SMB2.x uses modern encryption, and currently shipping versions of Windows Server (2016 & 2019) are disabling SMB1.0 by default. If you update your Nimble OS to 5.0.x or newer, the array will use proper SMB 2.x to communicate to the domain controllers.

 

 

Chris Lionetti
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
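
The group layout and SMB check described in the post above, as an added PowerShell example that is not part of the original post or any HPE tooling. It assumes the RSAT ActiveDirectory module and PowerShell remoting to the domain controllers; the OU path is a placeholder, and the mapping of each group to its role is still done on the array as described in the Administration Guide.

```powershell
# Added example. Group names come from the post; the OU path is a placeholder assumption.
Import-Module ActiveDirectory

$ouPath = 'OU=Storage,DC=example,DC=com'   # placeholder: replace with your own OU

# AD group -> built-in Nimble role it is intended to map to (per the post).
$groups = [ordered]@{
    NimbleAdmins     = 'Nimble Admin Role'
    NimblePowerUsers = 'Nimble PowerUser Role'
    NimbleOperators  = 'Nimble Operator Role'
    NimbleGuests     = 'Nimble Guest Role'
}

# Create each group only if it does not already exist, then report how many
# accounts (including nested members) would inherit the role, for access review.
foreach ($name in $groups.Keys) {
    if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
        New-ADGroup -Name $name -GroupScope Global -GroupCategory Security `
            -Path $ouPath -Description "Maps to $($groups[$name]) on the Nimble array"
    }
    $members = @(Get-ADGroupMember -Identity $name -Recursive)
    [pscustomobject]@{
        Group   = $name
        Role    = $groups[$name]
        Members = $members.Count
    }
}

# Report the SMB server dialect settings on every domain controller.
# A DC with SMB1Enabled = False will only accept SMB 2.x or newer clients,
# which is the situation the post describes for Windows Server 2016 and 2019.
Get-ADDomainController -Filter * | ForEach-Object {
    $dc  = $_.HostName
    $cfg = Invoke-Command -ComputerName $dc -ScriptBlock {
        Get-SmbServerConfiguration |
            Select-Object EnableSMB1Protocol, EnableSMB2Protocol
    }
    [pscustomobject]@{
        DomainController = $dc
        SMB1Enabled      = $cfg.EnableSMB1Protocol
        SMB2Enabled      = $cfg.EnableSMB2Protocol
    }
}
```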