Microsoft Virtualization Discussions

About security measures by the Connect-NcController command

orozou
8,815 Views

Nice to meet you. When I am connected to the NETAPP apparatus using the -Credential option of the Connect-NcController command of NetApp_PowerShell_Toolkit,
I think that I perform SSL certification coding in https protocol as security measures, but,
Setting / making such as a certification method between server side (NETAPP) and client-side (Toolkit) and the procedure and the file,
Would you tell me that confirmation methods such as the certification are detailed?

8 REPLIES 8

asulliva
8,563 Views

Hello @orozou,

 

The Connect-NcController cmdlet will use HTTPS by default with automatic fallback to HTTP.  If you want to force "HTTPS or fail" behavior, specify the "-HTTPS" option..conversely, if you want to use HTTP, specify the "-HTTP" option.

 

# connect using HTTPS or fail
Connect-NcController -HTTPS -Credential (Get-Credential)

 

Hope that helps.

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

orozou
8,486 Views

Thank you for asulliva, an answer.


I was a Japanese, but was anxious very much because I made an inquiry using an English sentence for the first time.

 

In conclusion, better to set the "-HTTPS" option from the beginning was to understand the fact that safety.


By the way, in the sentence "Connect-NcController -HTTPS -Credential (Get-Credential)" and excluding the Get-Credential "Connect-NcController -HTTPS -Credential" and What are the differences in the execution result is?

asulliva
8,452 Views

If you provide the "-Credential" parameter then it will expect a credential object to be provided...

 

#
# inline credential gathering
#
Connect-NcController $controller -Credential (Get-Credential)

#
# store the credential in a variable
#
$credential = Get-Credential
Connect-NcController $controller -Credential $credential

#
# store the creds in a secure manner, then retrieve them.  note that only the user
# who created the credential object will be able to read it
#
$credential | Export-Clixml ./credential.xml

# retrieve them for use
Connect-NcController $controller -Credential (Import-Clixml ./credential.xml)

#
# the least secure manner, storing the username and password in plain text,
# then creating a credential object
#
$username = 'admin'
$password = ConvertTo-SecureString -String 'P@s$w0rd' -AsPlainText -Force

$credential = New-Object System.Management.Automation.PSCredential $username,$password

Connect-NcController $controller -Credential $credential

 

If you leave the "-Credential" parameter off all together it will check to see if the credentials have been cached (using the Add-NcCredential cmdlet), and if none are found it will prompt. 

 

Hope that helps.

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

FelipeMafra
8,416 Views

Hi Orozou,

To connect to a cluster-mode filer you can use 2 protocols HTTP or HTTPS while using 7-mode you can connect using RPC too.

Connect-NcController <Controller name> -HTTPS -Credential (Get-Credential)
Means connect to a cluster-mode filer using HTTPS as protocol and the credential that will be passed from Get-Credential cmdlet.

Connect-NcController <Controller name> -HTTPS -Credential
This will probably give you an error, but you can try only Connect-NcController <Controller name> -HTTPS since it will ask for your credential.

If you are going to connect to many filers or don't want to write your credentials every time you connect to another filer make use of -Credential parameter.

Try this:

#This will store your user credential in a variable, so you don't have to enter every new connection.
$Credential = Get-Credential

#This will connect to controller without credential prompt.
Connect-NcController -Name <Controller name> -HTTPS -Credential $Credential



In a script you can do this:

Param(
    [Parameter(Mandatory = $true)]
    [string]$Filer
)

if(-not $Credential){
    $Credential = Get-Credential
}
Connect-NcController -Name $Filer -HTTPS -Credential $Credential



I hope I could help you.

orozou
8,368 Views

Mr. asulliva, Mr. FelipeMafra.


Thank you tell me a lot.
It has helped us very much. But my question method was incorrect.

 

# (1) if it was the following way, it was confirmed to become certain in an error.
Connect-NcController -Name <Controller name> -HTTPS -Credential

 

# (2)  You could access NETAPP equipment certainly by the following way.However・・・
Connect-NcController -Name <Controller name> -HTTPS -Credential (Get-Credential)

 

# (3) Even the following methods were able to access NETAPP apparatus.
Connect-NcController -Name <Controller name> -HTTPS -Credential admin

 

Isn't there also a problem like security by a way of the above (3)?
Or is a way of (2) best?

 

Multiply sorry to trouble you, but please.

 

FelipeMafra
8,350 Views

Hello,

Have you tried the 3rd method? I think it won't work. PowerShell is an object oriented script language. So -Credential expects an Credential object to be passed. You can get it by calling Get-Credential.

You have only to options, to use Credential parameter or leave it out. In the former you'll have to pass a Credential object. In the later you'll be prompted for user credentials. Ether way there is no security issue.

You'll only have a security issue depending on the protocol you choose. So please make use of HTTPS parameter. If you leave it out PowerShell will try HTTPS first with fallback to HTTP if former doesn't work. And as we all know HTTP packets can be captured and password is as plain text.

I hope I could clarify your doubts.
Sorry for any typos but I am using my mobile.

orozou
8,307 Views

Hello,
Thank you for early answers.
I am sorry in poor English.

 

Is a third way, but I try and successful access to NETAPP devices.


By the way, when you run the "get-help Connect-NcController -full" in PowerShell,
Because there was a sentence like the following in Example 2, I thought that if there is no problem.
   C:\PS>Connect-NcController 10.61.172.155 -Credential admin -Vserver vserver1

 

For now just in case, we would like to proceed in the following way.
  Connect-NcController -Name <Controller name> -HTTPS -Credential (Get-Credential)

 

Then thank you.

 

 

FelipeMafra
8,282 Views
In that example I think admin is the user credential but I might be wrong too. So try it. Don't simple accept any answer.

Most of the time I try things before posting but I am out of office and I can't do it now.
Public