Data Backup and Recovery Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Data Backup and Recovery Discussions

Highlighted

SME & SnapDrive authentication configured differently for security reasons

cvanagt
NetApp
‎2009-12-18 07:27 AM

Hello,

IHAC in a secure environment (Military) who will use SnapManager for Exchange in SAN FC.

He does not want to register his FAS into the AD (for security reasons), but the Exchange Server can (of course).

He will have a firewall between the Exchange Server and the FAS allowing only certain ports.

Is it supported to have :

1/ the SME agent running under a AD account who has all the necessary Exchange rights

2/ the SDW agent configured in https mode

3/ the FAS only seen from the Exchange server via the 443 port (for https snapdrive communication) ??

I did search the documentation and NOW but found nothing on this matter.

Any real-world experience ??

thanks from snowy Paris.

Cyril

4 Replies
0 Likes
4 REPLIES 4
Highlighted

Re: SME & SnapDrive authentication configured differently for security reasons

mechatronic
‎2009-12-18 09:50 AM

Hi

The only problem that i see with this configuration is that there services account provided to start the SnapDrive service. Which needs to be a local administrator and an administrator on the netapp storage.

1. so solution to this is either join netapp to the domain (which in your case seems is not happening)

2. create a common user with common passwords on both systems and add them to the local administrators groups. this works for me.

Regarding SME, could work, don't seem why not. but i haven't tried it in any environment.

interesting to know the result.

4 Replies
Highlighted

Re: SME & SnapDrive authentication configured differently for security reasons

cvanagt
NetApp
‎2009-12-21 09:26 AM

Hello,

thanks for your answer.

I know that this workaround works fine with SnapDrive alone, but in the case of SME, it seems that the SME service needs special access rights in order to manipulate the Exchange data (for instance copy & truncate the logs), access rights which come come from the AD and I would like to know if the configuration abobe (SME executed as the AD user and SnapDrive with HTTPS) is supported of not and if anyone saw it work ?

best regards,

Cyril

4 Replies
0 Likes
Highlighted

Re: SME & SnapDrive authentication configured differently for security reasons

beaupre
NetApp
‎2009-12-21 09:58 AM

Cyril,

I have successfully implemented SME where SnapDrive uses (HTTP or HTTPS) and SME is an AD user account. This is a supported configuration.

The SME service account needs specific rights within Exchange. Since Exchange is integrated within AD, the service account for SME needs to be an AD user account.

Thanks,
Mark

View solution in original post

4 Replies
0 Likes
Highlighted

Re: SME & SnapDrive authentication configured differently for security reasons

cvanagt
NetApp
‎2009-12-21 10:14 AM

Hi Mark !

Many thanks for the confirmation.

This is exactly what I wanted to know. (but I had not found any clear evidence of it anywhere in the documentation or on NOW)

happy holidays !

Cyril

4 Replies
0 Likes
Start a New Post
Check out the KB!
Knowledge Base
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2020 NetApp
Let us know