Administration Guides

What's New

  1. Release 2.5.6 20258 or later simplifies adding users and groups to roles by validating the SID or GID in the GUI before saving the role. Using the SID and GID now allows AD group names to include spaces or some special characters.
    1. The login user name can use any syntax and any case, with no special requirements. For example, domain\username or username@domain can be used without regard for the AD UPN value of the account.
    2. The upgrade to this release automatically converts the RBAC file to include SID and GUID; no user action is required to switch to this new role mapping implementation.

Key Features:

Role Based Access Control (RBAC) for Eyeglass allows any role combination to be created based on Eyeglass desktop icons.   Custom roles can be created to meet any requirement of access to Eyeglass features:

  1. Default admin user has all privileges
  2. Default read-only role can see all icons
  3. Create roles and assign icons of functionality
  4. Map roles to users or groups in AD, or to local Isilon/PowerScale users and groups.
  5. All authentication is done through the PowerScale API to an authentication provider, and SMB AD password validation to access zone SmartConnect FQDNs

Built in Roles and user accounts:

Eyeglass ships with built in roles and users as follows:

  1. admin
    1. Has all permissions for all products
    2. Default password 3y3gl4ss
  2. rwdefend
    1. Assigned the builtin role Ransomware Defender, with the ability to manage and monitor the Ransomware Defender product
    2. Default password 3y3gl4ss
  3. auditor
    1. User has read and modify permissions within the Easy Auditor application
    2. Default password 3y3gl4ss
    3. Assigned the Auditor builtin group role
    4. This also includes the manage remote services icon to see Eyeglass clustered agent status

Use Cases for Custom Roles:

  1. Monitoring only - read-only role
  2. Departmental login for DR readiness view
  3. Security for Ransomware monitoring (Ransomware Defender)
  4. Unlock my files Help desk (Cluster Storage Monitor license)
    1. Use this permission to create a Help desk role for unlock my files portal

  5. Auditing for file audit (Easy Auditor)
  6. Failover only administration functions (i.e. cannot add new clusters)
  7. Logging and monitoring only
  8. Storage monitoring only (no DR functions)
  9. Cluster reporting only (no DR functions or storage monitoring)
  10. Centralized security to match PowerScale Role based Access groups to include DR functions with SyncIQ

Eyeglass Authentication Options

Eyeglass supports two types of login: Local Eyeglass OS and Proxy Login. Local Login uses a user account created in the OS. Proxy Login uses PowerScale as the authentication provider and proxies the user ID and password to Isilon for authentication validation and group membership. Custom roles can be created in Eyeglass that use local or proxy login for access control.

The following sections describe how to configure and use Local Eyeglass OS or Proxy Login.

Local Eyeglass OS user accounts:

When entering local users, we recommend using UNIX_USERS to represent the domain, for example UNIX_USERS\read. This is a convention that makes it easy to know where the user will exist for authentication.

How to create a new local user on the appliance:

  1. ssh admin@x.x.x.x
  2. sudo -s  (enter the admin password)
  3. useradd <user name>
  4. passwd <user name>  (to set a password)
© Superna Inc