Active IQ Unified Manager Discussions

Create DFM Monitoring Account

MSANDONASSGA
2,876 Views

Hello,

i'm not getting anywhere with netapp support on this topic and was hoping somebody in the community might be able to help.

 

We currently use ROOT to monitor our systems in DFM.  I want to use an existing domain service account to do this function but I don't want to elevate it to ADMIN on the filers which is Netapp's first suggestion. 

 

Has anyone created a custom role on their filers that grants only the NECESSARY capabilities to an account so that it can perform DFM monitoring but is not an admin or has login capabilities?  If so, can you let me know the capabiliities you granted the role?

 

thank you.

 

Matt

1 ACCEPTED SOLUTION

JGPSHNTAP
2,864 Views

It needs access to just about every API, so creating a role would be futile and a waste of time and effort.

 

Just create a domain service account and add it.  That's common practice.

 

If you want to break out the roles, it will take you a really long time and you will just get frustraded.

 

I manage 7-mode controllers that number in the 3 digits this way.

 

Just ensure service account password is under lock and key

 

View solution in original post

3 REPLIES 3

JGPSHNTAP
2,865 Views

It needs access to just about every API, so creating a role would be futile and a waste of time and effort.

 

Just create a domain service account and add it.  That's common practice.

 

If you want to break out the roles, it will take you a really long time and you will just get frustraded.

 

I manage 7-mode controllers that number in the 3 digits this way.

 

Just ensure service account password is under lock and key

 

MSANDONASSGA
2,846 Views

Thanks for the input. Everything I've been reading bears this out.  We'll go this way.  thanks.

 

Matt

Baiju
1,891 Views

Hi,

 

If we go with AD service account, how can we make sure that  no one can login to filer using same account via ssh.  Thanks in advance.

 

 

Public