Editing an Enterprise Configuration
Last updated
Last updated
The fields displayed in the Edit Node pane depend on which mode is chosen in the Authentication Mode field: Catalogic DPX native mode or LDAP mode. In the field descriptions below, if a field is present for only one of the modes, the mode is indicated in [brackets] after the field name. Otherwise, the field is displayed in both modes.
Click the Configure tab on the Function Tab bar then click Enterprise to open the Configure Enterprise window.
Open the Edit Enterprise dialog in the right pane by doing one of the following:
Right-click the Enterprise name or icon to display a context menu. The selection check box indicates the selected Enterprise, and the Edit Enterprise dialog appears in the right pane. Then select Edit.
Click the Enterprise name or icon in the left pane and do one of the following:
From the menu bar, select Enterprise > Edit Enterprise.
On the task panel, click Edit Enterprise.
In the Edit Enterprise pane, revise fields as needed. The following describes the displayed fields:
Enterprise Name
Enter a name (for example, XYZ_Enterprises
) for your Enterprise. You can use up to 48 alphanumeric characters, no spaces. The Enterprise is the total system, as defined: nodes, backup devices, media volumes, administrators, etc.
Administrator User ID
This field displays the system administrator ID, which is sysadmin.
Administrator Password
Enter a new password and then confirm the new password for the administrator (up to 14 characters, no spaces). This password is for DPX login and is unrelated to the system administrator passwords on the operating system or network.
Administrator Email Address
Enter the email address of the system administrator. Be sure to enter a full email address including a domain (for example, sysadmin@companyname.com). Whenever DPX performs a job, the log file for that job is sent to this address. It is a good idea to keep these logs on file in case you need to troubleshoot your system. If you do not want to have the log files sent via email, you can leave this field blank.
SMTP Host Name
The resolvable host name or IP address of your mail server.
SMTP Port
The SMTP port number used by the mail server. The standard mail port number is 25.
Reconstructive Catalog
This option controls how DPX tracks files in the Catalog. If you select Yes, a Reconstructive Catalog entry is built. A reconstructive Catalog is necessary for a reconstructive restore. Reconstructive restore is only available for file mode backup and restore.
Enterprise Authentication
Select the Enabled box to set up Enterprise Authentication. Enterprise Authentication ensures that communication occurs only among nodes in the same Enterprise.
Enterprise Authentication is useful for environments where multiple master servers are deployed and access to client nodes must be separated and protected. Without Enterprise Authentication, any DPX master server can access any client with the DPX client software installed. For centralized data protection, this is usually not an issue. Security-conscious organizations with requirements to isolate data protection activities between groups can use Enterprise Authentication to help with this effort.
Enterprise Authentication can prevent access to the DPX client in semi-secured or unsecured host environments. Enterprise Authentication would prevent an employee, guest, or other outsider from procuring a copy of the DPX master server software, loading it to a laptop with a temporary key, and backing up sensitive data from servers. Enterprise Authentication would prevent the rogue master server from being able to connect to the clients and running backup jobs.
Enterprise Authentication might also be useful on networks that share machine access between multiple customers. A master server can be dedicated to each customer with an associated Enterprise Authentication key. The key would then only be loaded to clients that the customer should have access to, and it would prevent access to other clients with different keys. The same method could be applied between company departments where data access should be limited. For example, the finance and development groups could be deployed with dedicated master servers, where each master is limited to the client nodes each group should have access to. This would prevent the development group from connecting to finance servers, backing up data, and recovering data in an unauthorized environment.
Enterprise Authentication is accomplished using keys you must distribute to all nodes. When you select the Enabled box and click OK, DPX generates a key and sets up authentication for the master server. For authentication to work, you must copy this key to all nodes in the same Enterprise (i.e., all nodes under the same master server.) If the master server contacts a node that has a different key, communication does not occur. However, if the master server contacts a node without any key, communication still takes place. Therefore, it is important to set up Enterprise Authentication for every Enterprise and node on your network.
Select the Enabled box in the Enterprise Information dialog box and click OK.
Leave the management console and go to the main directory.
Find a file named auth.key.
Copy this file to the main directory of all nodes in the Enterprise. One way to do this is to use FTP.
Admin Control
This field may be present in an early release of DPX. The field has two radio buttons: Version 2 and Version 3. If the Admin Control field is present, note that Version 2 and LDAP authentication mode are not compatible. If either is selected, the other is not selectable. Version 3 is selected by default and is compatible with LDAP mode.
License Capacity Warning (%)
Enter a percentage from 1 to 100 of licensed storage capacity which, when reached or exceeded, results in the display of a warning message. The warning message indicates the used storage capacity for the current license.
Authentication Mode
The default mode is Native. For LDAP authentication, select LDAP. When LDAP is selected, the LDAP Server Settings fields are displayed.
LDAP Server Settings Options [LDAP mode]
Fields under LDAP Server Settings Options apply to Active Directory (AD). The following fields are displayed if you select the LDAP authentication mode:
Hostname [LDAP mode]
Enter the IP address or resolvable logical node name of the LDAP server.
Port [LDAP mode]
The default port is 389. You can enter a different port number.
Select the Use SSL check box to enable Secure Socket Layer connection to the LDAP server. If you select SSL, the default port changes to 636.
Bind DN [LDAP mode]
Enter the Bind Distinguish Name. The Bind DN specifies the name used for authentication of connection to the LDAP server. Note that simple bind is used; SASL and anonymous bind are not supported.
Specify a fully distinguished name in LDAP form. By default in AD, user accounts and groups are in the Users folder under your domain, which is specified in LDAP form as cn=Users,dc=<Your Domain>
. If your domain is company.com and users are stored in the default Users folder, an acceptable Bind DN would be cn=Administrator,cn=Users,dc=company,dc=com
.
You can specify Bind DN in user Principal Name format, <username>@<domain, for example, administrator@company.com
.
Password [LDAP mode]
Enter a password. Supported password length is 1 to 20 unicode characters.
Base DN [LDAP mode]
Enter the Base Distinguish Name. The base DN specifies where users and groups are loaded. By default in Active Directory, user accounts and groups are in the Users folder under your domain, which is specified in LDAP form as cn=Users,dc=<Your Domain>
. If your domain is company.com and users are stored in the default Users folder, your base DN would be cn=Users,dc=company,dc=com
.
DPX uses Base DN for user provisioning when you add an administrator.
Password Age [Native mode]
The Password Age is the number of days that a password can be used by an administrator before it expires. The Password Age must be between 0 and 999, where 0 means "never expire."
If your password has less than 8 days remaining before the maximum password age is reached, DPX alerts you to change the password. If you attempt to log in after the password expires, you will be granted one login and a "changing password" dialog box appears. If this one last chance fails, you must contact the system administrator to change the password.
This password age setting is for the entire Enterprise, but if Password Age is also set on the Edit Administrator Group dialog, it is overridden for that administrator group, defaulting instead to the administrator group password age.
Account Lockout Threshold [Native mode]
The Account Lockout Threshold is the number of consecutive failed log in attempts before a user is prevented from entering DPX. The Account Lockout Threshold must be between 0 and 999, where 0 means "never lock out." A locked-out account must be reset by the system administrator.
NetApp Volume Options for Block Backup Destinations
OSS Volume Options for Block Backup Destinations
The OSS Volume Option fields only appear when at least one OSS node is recognized by the Enterprise.
Preferred Landing Page
Choose the DPX Management Console window that you want to display when first entering the console. Select Backup, Job Monitor, or Analytics. Selecting Analytics requires that the Analytics URL field is populated.
Analytics URL
Select Apply on the task menu at the top right of the right pane. If you are unable to see the task menu, resize the right pane.
Enterprise Authentication does impose some extra complexity into a data protection environment. In some cases, it may be necessary to regenerate and redistribute keys to clients after a master server upgrade or migration to new hardware. For additional information about security features, read the knowledge base article . To set up Enterprise Authentication for every Enterprise on your network:
If you select the Use SSL check box, note that you may need to import a server certificate manually to the DPX master server. If the master server cannot find a recognizable server certificate, a message will indicate that condition when you click the Test Settings button in the LDAP Server Setting Options section. To import server certificates, see in the DPX 4.9 Reference Guide.
Enter the URL reference to the site that hosts the Power BI Analytics Dashboard. This is an optional field. See .