For HCP to support AD, you need to configure HCP to identify the domain in the AD forest to be used for HCP user authentication and provide credentials for an existing AD account in that domain. This AD user account is used to configure HCP in the AD domain.
All AD domain controllers configured for the domain used for HCP user authentication must be able to communicate with HCP over the [hcp_system] network. Therefore, each AD domain controller must have at least one IPv4 or IPv6 address that is routable from the [hcp_system] network.
You also need to specify (or accept the defaults for) the existing organizational unit (OU) in which computer accounts will be created for the HCP nodes, along with the name of a computer account that HCP will use when querying AD for groups and other information. That computer account will be in the same AD groups as the user account you specify.
You can choose to enable secure communication between HCP and AD for the configuration of the computer account that HCP will use for querying AD. In this case, HCP needs a copy of the SSL certificate that allows clients to connect securely to the LDAP server used by AD. You need to export this certificate from AD as a base-64-encoded X.509 certificate and then upload it to HCP on the Active Directory page.
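A pre-upload check for the exported file, as an added example that is not part of the HCP documentation or product: it tells a base-64-encoded export apart from a binary (DER) one and returns a SHA-256 fingerprint of the certificate bytes. The function names and the sample bytes are assumptions made for illustration, and the check is structural only (PEM armor, base-64 body, outer ASN.1 SEQUENCE), not a full X.509 validation.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in for an exported file: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x05"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")


def der_sequence_ok(der: bytes) -> bool:
    """True if `der` is exactly one ASN.1 SEQUENCE, the outer wrapper of an X.509 certificate."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length: one byte
        header, length = 2, der[1]
    else:                                  # long-form length: next n bytes, big-endian
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)     # no truncation, no trailing bytes


def classify_export(data: bytes):
    """Return (kind, sha256_hex_or_None) for the bytes of an exported certificate file."""
    match = PEM_BLOCK.search(data)
    if match:
        try:
            body = b"".join(match.group(1).split())   # drop line breaks inside the armor
            der = base64.b64decode(body, validate=True)
        except binascii.Error:
            return ("corrupt-base64", None)
        if not der_sequence_ok(der):
            return ("corrupt-base64", None)
        return ("base64-x509", hashlib.sha256(der).hexdigest())
    if der_sequence_ok(data):
        return ("der-binary", hashlib.sha256(data).hexdigest())
    return ("not-a-certificate", None)


if __name__ == "__main__":
    for name, blob in (("base-64 export", SAMPLE_PEM), ("binary export", SAMPLE_DER)):
        print(name, classify_export(blob))
```

A `der-binary` result means the file was exported in binary form and has to be exported again as base-64 before it is uploaded; the fingerprint is the same for both encodings of one certificate, so it can be used to confirm which certificate the file holds.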
For secure communication with AD when configuring the computer accounts for the HCP nodes, HCP uses NTLMv2 by default for new AD connections. When configuring support for AD, you can specify that HCP should use NTLM instead.
© 2017 Hitachi Data Systems Corporation. All rights reserved.