HP 5600 Deploying HP KVM consoling solutions best practices - Page 12

Managing switch users through Active Directory

The basic administrative function of the console switch uses a database maintained and contained
within the switch to determine which switch user can access a particular server. The database
specifies user IDs, passwords, and access rights. This basic function, which allows adding, changing,
or deleting users only at the switch level, is best suited for small-to-medium sized networks.

The HP IP Console Switch with Virtual Media comes with full LDAP support. LDAP enables system
administrators to use directory services for managing remote KVM console switch users with the same
efficiency as managing network users and resources.

Active Directory is a database maintained by a network’s Domain Controller Server. It allows
centralized management of access to network components, including console switches (Figure 10).

Figure 10. HP IP Console Switch management using Active Directory
[Diagram labels: Remote KVM Console; Domain Controller Server with Active Directory; domain users, including domain users with switch A, switch B, and switch C rights; Switch A, Switch B, Switch C]

Active Directory authenticates from a shared database. A switch user can use the same ID and
password for the switch that he or she uses for the domain. Switch users and network users are
centrally managed by the directory service on one machine. Any change is immediately effective
everywhere (that is, deleting or disabling a switch user immediately removes his or her access to all
resources, including switches). Password type and changes are enforced at the directory level for more
secure management.