Subscribe
cvanagt
NetApp
Accepted Solution

SME & SnapDrive authentication configured differently for security reasons

‎2009-12-18 07:27 AM

Hello,

IHAC in a secure environment (Military) who will use SnapManager for Exchange in SAN FC.

He does not want to register his FAS into the AD (for security reasons), but the Exchange Server can (of course).

He will have a firewall between the Exchange Server and the FAS allowing only certain ports.

Is it supported to have :

1/ the SME agent running under a AD account who has all the necessary Exchange rights

2/ the SDW agent configured in https mode

3/ the FAS only seen from the Exchange server via the 443 port (for https snapdrive communication) ??

I did search the documentation and NOW but found nothing on this matter.

Any real-world experience ??

thanks from snowy Paris.

Cyril

0 Kudos
mechatronic
mechatronic

Re: SME & SnapDrive authentication configured differently for security reasons

‎2009-12-18 09:50 AM

Hi

The only problem that i see with this configuration is that there services account provided to start the SnapDrive service. Which needs to be a local administrator and an administrator on the netapp storage.

1. so solution to this is either join netapp to the domain (which in your case seems is not happening)

2. create a common user with common passwords on both systems and add them to the local administrators groups. this works for me.

Regarding SME, could work, don't seem why not. but i haven't tried it in any environment.

interesting to know the result.

cvanagt
NetApp

Re: SME & SnapDrive authentication configured differently for security reasons

‎2009-12-21 09:26 AM

Hello,

thanks for your answer.

I know that this workaround works fine with SnapDrive alone, but in the case of SME, it seems that the SME service needs special access rights in order to manipulate the Exchange data (for instance copy & truncate the logs), access rights which come come from the AD and I would like to know if the configuration abobe (SME executed as the AD user and SnapDrive with HTTPS) is supported of not and if anyone saw it work ?

best regards,

Cyril

0 Kudos
beaupre
NetApp

Re: SME & SnapDrive authentication configured differently for security reasons

‎2009-12-21 09:58 AM

Cyril,

I have successfully implemented SME where SnapDrive uses (HTTP or HTTPS) and SME is an AD user account. This is a supported configuration.

The SME service account needs specific rights within Exchange. Since Exchange is integrated within AD, the service account for SME needs to be an AD user account.

Thanks,
Mark

0 Kudos
cvanagt
NetApp

Re: SME & SnapDrive authentication configured differently for security reasons

‎2009-12-21 10:14 AM

Hi Mark !

Many thanks for the confirmation.

This is exactly what I wanted to know. (but I had not found any clear evidence of it anywhere in the documentation or on NOW)

happy holidays !

Cyril

0 Kudos