Here’s a summay of the recent updates for the PowerProtect Data Manager Appliance, DM5500, Release 5.13.0.0
The update has several new features, enhancements and stability improvements.
Active Directory Integration
Based on the group to role mapping defined, AD users from a specific group will be able to log in to the appliance.
Only, secure AD connection is supported. AD traffic is secured using TLS by default.
Group to Role mapping
To authorize the level of access for a specific user, the DM5500 appliance uses the group to role mapping mechanism. This mechanism can also be leveraged to authorize AD users.
There are different roles available which the user can opt for and the only caveat is that you cannot assign a security officer role to an AD group (AD group members have different privileges based on their roles). Only one security officer role can be assigned to a user, the user must be local to the application.
Integrating Active Directory with Dell PowerProtect Data Manager Appliance
The Below clip shows how to integrate Actiev Director with the DM5500
Security
Multi-factor authentication
PowerProtect Data Manager Appliance now supports Multi-factor authentication (MFA) for users to login to the UI dashboard by providing the valid One-Time Password (OTP) Authenticator. Currently, Google Authenticator is the supported method, with more to come in future. If configured, by default, all the users in DM5500 will have to login via MFA except admin and Security officer. MFA is enabled by default for AD users.
For further detail, see the PowerProtect Data Manager Appliance Security Configuration Guide for DM5500 here
Bypassing MFA
MFA can be bypassed so a user doesn’t have to key in OTP to gain access to the system (Only credentials would be sufficient for login)
Any user with admin privilege can bypass local users from MFA with following steps:
- Login via administrator role user and select the user to be bypassed in access control panel
- Go to Administrator -> Access Control Users/Groups tab
- Click on EDIT button, and check the Bypass MFA checkbox
- Follow next tabs and finish to bypass the user
Multi factor Authentication in PowerProtect Data Manager Appliance – Further Resources
Audit Logging – Enhancements
Apart from the existing Data Domain and PPDM audit information. Audit logging now enables you to discover access violations, changed or deleted files, failed authentication, and so on. With the Administrator, Security Administrator, and User roles, you can view audit logs to monitor system activity.
Physical Network Separation
With the new Release, Physical network Separation is supported
Options:
–PCIe slot 3
- 2 available ports for Optical
- 4 available ports for Copper
–PCIe slot 4
- 2 available ports for Copper
PowerProtect Data Manager Appliance Physical Network Separation- Further Resources
System configuration (re-configuration)
Enables you to modify the location, time zone, and the NTP server for the PowerProtect Data Manager Appliance.
Customers can change now change the following
–DNS, NTP, Time zone
Other settings are a Support driven activity
