I am continuing to learn about Cohesity and share my learnings with you. This week I added my Cohesity cluster to Active Directory so that I could use AD accounts to manage the platform rather than the built-in account. The process is shown in this video and took all of five minutes to complete. The security model in Cohesity is reasonably straightforward but flexible. Accounts are given a role which defaults to being global but can be filtered to specific objects. There are roles for cluster administrators, backup operators, and backup viewers as well as a couple more that I haven’t investigated. There is also a facility to create custom roles based on your specific security policies. I granted one AD group administrative rights to replace using the admin account and gave another group the operator role so that they could look after data management, but not change the cluster setup. One important thing is to secure the built-in admin account’s password, configuring AD authentication supplements built-in authentication, so the local accounts still exist. Set a complex password and document it in whatever safe location you use for system passwords. Now that the cluster is joined to AD, the login page has a drop-down for domain selection. The delegation of user authentication to Active Directory was quick and easy on my Cohesity cluster.
Past Cohesity videos
Disclaimer: Cohesity is my paying customer, and I am helping them by making this video and blog posts. The topic and content of the video was entirely my idea, and everything was created and posted before Cohesity got to do any review. I think they like it this way as they are so danged busy at the moment.
© 2018, Alastair. All rights reserved.