An HCP system can be configured to support Active Directory. With the system configured this way, you can create HCP group accounts that correspond to AD groups at both the system and tenant levels. AD users in those AD groups then have access to HCP through the various HCP interfaces, subject to the roles and permissions associated with the HCP group accounts.
For HCP to work with AD, you first need to prepare AD for access by HCP. Then you need to configure HCP to support AD. The table below outlines the major steps in this procedure.
Step | Activity | More information |
---|---|---|
1 |
If you want to secure communication between HCP and AD, create an SSL certificate in AD. This certificate will allow HCP to connect securely to the LDAP server used by AD. |
Create the SSL certificate |
2 |
Export the SSL certificate you created so it can be uploaded to HCP. |
Export the SSL certificate |
3 |
Create an AD group. |
Create an AD group |
4 |
Give the AD group permissions for the organizational unit (OU) or common name (CN) in which computer accounts will be created for the HCP nodes. |
Give permissions to the new AD group or to the Domain Computers group |
5 | Grant permissions to a new or existing AD user account. | Grant permissions to an AD user account |
6 |
Create a reverse lookup zone for the applicable AD domain in your DNS. |
Create the reverse lookup zone for the AD domain |
7 |
Configure support for AD in HCP. |
Configure support for AD in HCP |
This appendix describes the prerequisites for configuring AD to support HCP and contains instructions for the first six steps outlined above. These instructions are for Windows Server 2008 R2, but the concepts are the same for Windows Server 2012 and all earlier versions.
For information and instructions on configuring support for AD in HCP, see Configuring Active Directory or Windows workgroup support. For information on creating HCP group accounts, see Working with group accounts and Managing a Tenant and Its Namespaces.
© 2017 Hitachi Data Systems Corporation. All rights reserved.