CVM的集中验证

m
徽章 +8
我支持的客户具有内部信息安全/信息保证要求,应尽可能部署特权/访问的集中式身份验证。

对于我们的棱镜和管理程序环境,这是通过与企业Microsoft域集成的Active Directory/LDAPS来完成的。但是,由于没有像Nutanix CVM那样精通,并且不想“破坏某些东西”试图合并它们,因此我们已经在每个CVM上选出了本地用户帐户。在当今的环境中,这并不是一项巨大的工作,但这肯定不是方便的,而且绝对不符合客户对单个集中式特权用户管理的要求。

我已经扫描了Nutanix圣经和Nutanix支持文档,但还没有对我跳来跳去。是否有人意识到已记录的(和受支持的)方法,以将CVM与Microsoft Active Directory集成?
    \n
    \nFor our Prism and Hypervisor environments, this is accomplished with Active Directory\/LDAPS integration with the Enterprise Microsoft domain. However, with not being as versed with the Nutanix CVMs and not wanting to 'break something' trying to incorporate them, we have elected for individual local user accounts on each CVM. In our environment today, that's not a huge undertaking, but it's certainly not convenient, and it's definitely not in-line with the customer's requirement for a single centralized privileged user administration.
    \n
    \nI've scanned the Nutanix Bible and the Nutanix Support documentation, but nothing has jumped out at me yet. Is anyone else aware of a documented (and supported) method in order to integrate the CVMs with Microsoft Active Directory?","quoteUsername":"mccabejr","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    该主题已关闭以供评论

    2个答复

    乔恩
    秩
    UserLevel 6
    徽章 +29
    我知道你在说什么。

    集群锁定模式和基于密钥的身份验证将使您更接近您需要的位置。

    还有另一个可以以更优雅的方式恕我直言来解决这一问题的功能,但这当然是将来的东西。

    我鼓励您与您的帐户团队联系,他们可以让我们的安全工程团队参与各种模式,并确保您将被覆盖100%,或者最坏的情况,请参阅差距的位置和头脑风暴关于我们如何解决它们。
    乔恩·科勒|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!
    \n
    \nCluster lockdown mode and key based authentication will get you closer to where you need to be.
    \n
    \nTheres another feature that will solve this, coming down the pipe, in a more graceful manner IMHO but that of course is something in the future.
    \n
    \nI'd encourage you to touch base with your account team, they can get our security engineering team engaged to run through the various modalities and either make sure you'd be covered 100%, or worst case, see where the gaps are and brainstorm on how we can solve them.","quoteUsername":"Jon","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    m
    徽章 +8
    谢谢,。

    我将进一步研究这两个选择,并将安排与我的团队联系。谢谢!
    \n
    \nI'll research those two options further and will schedule to reach out to my team. Thanks!","quoteUsername":"mccabejr","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    条款和条件
    Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
    Functional","cookiepolicy.modal.level2":"Normal
    Functional + analytics","cookiepolicy.modal.level3":"Complete
    Functional + analytics + social media + embedded videos"}}}">
    Baidu