Here is a summary of the recent updates for the PowerProtect Data Manager Appliance. The DM5500 – 5.13 (referred to as R2) has recently been released and comes with several new features, enhancements and stability improvements.
Here are the key highlights.
Active Directory Integration
Based on the group to role mapping defined, AD users from a specific group will be able to log in to the appliance.
Only secure AD connections are supported. AD traffic is secured using TLS by default.
Figure 1: Access Control Settings
Figure 2: Access Role Settings Continued….
Group to Role mapping
To authorize the level of access for a specific user, the DM5500 appliance uses the group to role mapping mechanism. This mechanism can also be leveraged to authorize AD users.
Several roles are available for the user to choose from. The only caveat is that you cannot assign the security officer role to an AD group (AD group members have different privileges based on their roles). Only one security officer role can be assigned to a user, and that user must be local to the application.
Figure 3: Group to Role Mapping
Integrating Active Directory with Dell PowerProtect Data Manager Appliance – Further Resources
Security
Multi-factor authentication
PowerProtect Data Manager Appliance now supports multi-factor authentication (MFA): users log in to the UI dashboard by providing a valid one-time password (OTP) from an authenticator. Currently, Google Authenticator is the supported method, with more to come in the future.
If MFA is configured, by default all users in the DM5500 have to log in via MFA, except admin and security officer. MFA is enabled by default for AD users.
For further detail, see the PowerProtect Data Manager Appliance Security Configuration Guide for DM5500.
Figure 4: Access Control: Multi-factor Authentication
Bypassing MFA
MFA can be bypassed for a user, so that the user does not have to key in an OTP to gain access to the system (credentials alone are sufficient for login).
Any user with admin privileges can exempt local users from MFA with the following steps:
- Log in as a user with the administrator role, and select the user to be bypassed in the access control panel
- Go to Administrator -> Access Control Users/Groups tab
- Click the EDIT button, and check the Bypass MFA checkbox
- Follow the next tabs and finish to bypass the user
Multi factor Authentication in PowerProtect Data Manager Appliance – Further Resources
Audit Logging – Enhancements
In addition to the existing Data Domain and PPDM audit information, audit logging now enables you to discover access violations, changed or deleted files, failed authentication, and so on. With the Administrator, Security Administrator, and User roles, you can view audit logs to monitor system activity.
Figure 5: Navigate to administration -> audit logs. To export the log files as a CSV file, click the “Export All” option. Only a user with the administrator role can export the logs.
Physical Network Separation
With the DM5500 R2 release, physical network separation is supported.
Options:
–PCIe slot 3
- 2 available ports for Optical
- 4 available ports for Copper
–PCIe slot 4
- 2 available ports for Copper
PowerProtect Data Manager Appliance Physical Network Separation- Further Resources
System configuration (re-configuration)
Enables you to modify the location, time zone, and the NTP server for the PowerProtect Data Manager Appliance.
Customers can now change the following:
– DNS, NTP, time zone
Other system-related changes are made through a Support-driven activity.
Further reading on all of the above updates can be found here