cloudappliance:adintegration – revision of 2018_01_30 17:23 (external edit from 127.0.0.1); the current revision of this page has been removed.
====== Connecting the File Fabric to Active Directory ======

Storage Made Easy’s File Fabric supports a delegated authentication model in which users’ credentials are validated not by the File Fabric but by an external authentication system, such as a SAML identity provider or Active Directory (AD). The File Fabric offers two ways to connect to Active Directory. One is to communicate directly with the AD server using LDAP (Lightweight Directory Access Protocol). The other is to use a proxy program, Active Directory Proxy (AD Proxy), provided by Storage Made Easy; with the proxy in place the File Fabric speaks to the proxy and the proxy speaks to the AD server.

Allowing the File Fabric to connect directly to the AD server using LDAP requires that the AD server be reachable from the File Fabric over a network. If both the File Fabric and the AD server run behind the customer’s firewall, this arrangement presents no special security challenges. If, however, the File Fabric Appliance runs in a third-party data centre, as is the case for SME’s IaaS customers, then the AD server has to be reachable by the File Fabric over the public internet. To restrict who can reach it, customers may use either a firewall that filters traffic by source IP address (admitting only the appliance’s address) or a virtual private network (VPN) that provides a private tunnel between the File Fabric Appliance and the AD server. IP filtering on its own does nothing to protect the credentials in transit, and even over a VPN customers will almost certainly want to encrypt the LDAP traffic itself, using either StartTLS on the standard LDAP port (389) or LDAPS (LDAP over TLS on port 636); the File Fabric supports both. Whichever is chosen, the client side should verify the AD server’s certificate against a trusted CA, since an unverified TLS connection can be intercepted by anyone positioned on the path.
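To make the "encrypt the LDAP traffic" point concrete, the following is an added example (not File Fabric or Storage Made Easy code) that hand-encodes, with BER, the LDAP messages a client sends when it binds directly to AD: a simple BindRequest and the StartTLS ExtendedRequest, plus a decoder for the server’s ExtendedResponse. The tags and the StartTLS OID are those defined in RFC 4511; the DN, password, message IDs and server replies are constructed for the example. The code builds and inspects PDUs only; it does not open a socket, perform the TLS handshake or validate a certificate, all of which a real client must still do.

```python
"""Added example: LDAP simple bind and StartTLS PDUs encoded by hand (RFC 4511).

Shows two things a practitioner cares about on a direct LDAP connection:
  1. a simple bind sent before TLS carries the password verbatim on the wire;
  2. a fail-closed client must not release the bind until StartTLS succeeded
     (or until the ldaps:// socket is already TLS-wrapped).
Hypothetical DN, password and server replies; not File Fabric code.
"""
from typing import Optional, Tuple

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS extended operation
RESULT_SUCCESS = 0
RESULT_UNAVAILABLE = 52                   # one of the codes a server may return when TLS is off


def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(value: int, tag: int = 0x02) -> bytes:
    """INTEGER (or ENUMERATED with tag 0x0A), two's complement big-endian."""
    size = max(1, (value.bit_length() + 8) // 8)
    return tlv(tag, value.to_bytes(size, "big", signed=True))


def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Decode the TLV at pos; returns (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage{ BindRequest } with simple authentication (RFC 4511 4.2)."""
    bind = tlv(0x60,                                 # [APPLICATION 0] BindRequest
               ber_int(3)                            # version 3
               + tlv(0x04, dn.encode())              # name: LDAPDN
               + tlv(0x80, password.encode()))       # authentication: simple [0]
    return tlv(0x30, ber_int(msg_id) + bind)


def starttls_request(msg_id: int) -> bytes:
    """LDAPMessage{ ExtendedRequest } asking the server to upgrade to TLS."""
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID.encode()))  # [APPLICATION 23], requestName [0]
    return tlv(0x30, ber_int(msg_id) + ext)


def extended_response(msg_id: int, result_code: int) -> bytes:
    """Server side (constructed for the example): ExtendedResponse with a resultCode."""
    resp = tlv(0x78,                                 # [APPLICATION 24] ExtendedResponse
               ber_int(result_code, 0x0A)            # resultCode ENUMERATED
               + tlv(0x04, b"")                      # matchedDN
               + tlv(0x04, b""))                     # diagnosticMessage
    return tlv(0x30, ber_int(msg_id) + resp)


def extended_result_code(wire: bytes) -> int:
    """Extract resultCode from an ExtendedResponse; raises on anything else."""
    tag, body, _ = read_tlv(wire)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = read_tlv(body)                 # skip messageID
    tag, resp, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(resp)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big", signed=True)


def password_exposed(wire: bytes, password: str) -> bool:
    """True when the password appears verbatim in the PDU, as it does in a cleartext bind."""
    return password.encode() in wire


def may_send_bind(scheme: str, starttls_reply: Optional[bytes] = None) -> bool:
    """Fail closed: ldaps:// is TLS before any PDU; ldap:// needs a successful StartTLS."""
    if scheme == "ldaps":
        return True
    if scheme == "ldap" and starttls_reply is not None:
        return extended_result_code(starttls_reply) == RESULT_SUCCESS
    return False


if __name__ == "__main__":
    # Constructed sample: hypothetical service account, not a real credential.
    DN, PW = "CN=svc-filefabric,OU=Service,DC=corp,DC=example", "Hunter2!"
    print("cleartext bind leaks password:", password_exposed(bind_request(2, DN, PW), PW))
    print("bind after StartTLS accepted:", may_send_bind("ldap", extended_response(1, RESULT_SUCCESS)))
    print("bind after StartTLS refused: ", may_send_bind("ldap", extended_response(1, RESULT_UNAVAILABLE)))
```

The bytes produced by `bind_request` are exactly what a packet capture on port 389 shows when a client binds without StartTLS, which is why the firewall or VPN described above is a complement to encryption rather than a substitute for it. The `may_send_bind` check is the behaviour to look for in any client: a StartTLS refusal must abort the bind, not fall back to cleartext.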

When AD Proxy is used instead of a direct connection there is no need to expose the AD server over a network; only the proxy needs to be exposed, and the proxy need not run on the AD host. Traffic between AD Proxy and the File Fabric Appliance is automatically encrypted using symmetric encryption keys.

Although both connectivity options - direct connection with LDAP and AD Proxy - allow SME to use AD for authentication,

Organisations implementing AD authentication with the File Fabric should weigh the simplicity of the AD Proxy’s network security model against the functional advantages of the direct LDAP connection when deciding which method of integration to pursue.
