Is anyone using Device Manager to centralize management and authentication of their arrays? If so, are you authenticating with AD and what have been the challenges or benefits? Are you also using it to access the HNAS?
Device Manager actually supports centralized authentication and authorization so in addition to leveraging things like Kerberos, RADIUS, and LDAP you can also tie it back into your directory to leverage existing group structures as well. As the product manager who owns this function, I work with a large number of our customers who use this capability.
Most of the time customers will ask the question about centralized authentication wanting to use AD/LDAP or RADIUS to leverage multi-factor systems (tokens, smart cards, etc.). Nine times out of ten there is a directory involved somewhere in the conversation/infrastructure, which opens up the capability of authorization.
Being completely blunt, the real value in what Device Manager provides is not centralized authentication, but being able to centrally authorize based on existing directory group structures. When you turn on the authorization piece in addition to centralized authentication, you eliminate the need for creating local accounts in Device Manager which streamlines things like audit/compliance reporting, account management, etc.
As far as connectivity and protocols, I would say over 98% of the customers that I work with are connecting to a Windows Active Directory. Typically this is a Windows Server 2008 or higher, although I have run into a couple of 2003 version ADs still floating around out there. While the authorization piece at a protocol level is locked into using LDAP (and yes, we support LDAP with StartTLS), the major protocols that we see customers use on the authentication side are LDAP and RADIUS. We do run into some Active Directory purists who want to use Kerberos, so we support that as well.
We are using AD integration with SSO to the Device Manager, which is really nice, but were told HNAS/SMU is not yet integrated into that, so that leaves a single element where local accounts still are needed. Have I been told wrong or can you tell me if there are any plans to provide this in the immediate future?