Access control of InfiniMetrics

Follow

Viewing the metrics of an InfiniBox system requires credentials that are set on the InfiniBox system. InfiniBox supports both local users and LDAP users.

Collecting performance Metrics using a local user

Set via InfiniBox (using either the GUI, InfiniShell, or the Management API), the local user is not affected by the company’s LDAP policy. That is, it does not have to change password periodically, etc.

The user can be set with a permission level of ReadOnly, thus, can cause no harm to the monitored InfiniBox systems.

Collecting performance Metrics using an LDAP user

Set via InfiniBox (using either the GUI, InfiniShell, or InfiniAPI), either an LDAP user or an LDAP group can be granted access to InfiniBox. Defining a group allows administrators to add / remove users from the LDAP group. InfiniBox immediately inherits these settings. Similar to a local user the LDAP user or user group can have ReadOnly permissions on InfiniBox to prevent any harm.

When a system is added to InfiniMetrics and the credentials belong to an LDAP user, these credentials have to be updated whenever they are changed on the LDAP server. Otherwise, the InfiniBox system will reject the InfiniMetrics login, causing a disruption in the data collection.

Instructions on how to set a user on InfiniBox

See the Authentication and Security and LDAP Integration chapters on the InfiniBox Theory of Operation publication.


Comments

Powered by Zendesk