The IBM® Storage DS8000® series provides the option to replace locally managed user ID and password authentication with a centralized, directory-based model. This IBM Redpaper publication assists storage administrators in understanding the concepts and advantages of centralized directory services. It describes the requirements for implementing an authentication mechanism based on the Lightweight Directory Access Protocol (LDAP).

Beginning with Release 9.1, a simplified native LDAP authentication method became available. Starting with Release 10.0, this native method replaced the earlier approach that relied on IBM Copy Services Manager (CSM) acting as a proxy between the DS8000 and external LDAP servers, which is no longer supported.

This edition has been fully updated for IBM Storage DS8000 Release 10.1, incorporating the latest enhancements to authentication and security. These updates build on previous improvements, including the multi-factor authentication (MFA) capabilities introduced in April 2023 with Licensed Machine Code (LMC) 7.9.32 (bundle version 89.32.xx.x) in Release 9.3.2.

Chapter 1. IBM DS8000 user authentication

Chapter 2. LDAP for IBM DS8000 administrators

Chapter 3. IBM DS8000 user management

Chapter 4. Configuring LDAP remote authentication with the DS8000 Storage Management GUI

Chapter 5. Implementing LDAP by using the DS Command-Line Interface

Chapter 6. Implementing LDAP with directory services

Chapter 7. IBM Resource Access Control Facility

Chapter 8. Remote authentication with multi-factor authentication

Chapter 9. Migrating from IBM Copy Services Manager based LDAP authentication to native LDAP authentication

Appendix A. LDAP planning worksheet

Appendix B. Troubleshooting

Appendix C. Certificate considerations

Appendix D. Legacy LDAP authentication through IBM Copy Services Manager