Preparation for Scanning Dell EMC ECS
StorageGuard collects configuration data from Dell EMC Elastic Cloud Storage (ECS) systems by opening an HTTP or HTTPS connection to the EMC ECS system. StorageGuard collects data using REST API.
The following table lists the requirements for scanning EMC ECS systems:
|1||Provide the network name or IP address of the ECS portal. If you have multiple VDCs, configure each VDC separately.|
|2||Provide a user account (and password) for each ECS portal.
The user account should be assigned with an unlimited read-only role, enabling it to run GET requests.
Examples of read-only APIs used:
|4||Verify IP connectivity through HTTP or HTTPS (443) is available between the StorageGuard server and each ECS.|
|5||If you’re planning to extend the built-in security configuration collection with custom collection using ECS CLI, verify also that IP connectivity through SSH is available between the StorageGuard server and each ECS.|
Creating a User Account for Scanning Dell EMC ECS
The following suggested method can be used to create a user account with appropriate privileges:
- Login to the ECS portal and navigate to the User Management page.
- Create a new Management user with the System Monitor role.
Optional: Granting SSH access
SSH access enables StorageGuard to perform a few additional configuration checks that currently cannot be performed through Dell ECS REST API calls, such as checking NTP and SNMP settings. However, at this time ECS SSH access can only be granted with administrative access rights, and therefore careful consideration is required. Note that the StorageGuard scan will only run read-only API and CLI commands, even when the StorageGuard scan user has elevated rights.
In addition, it's recommended to download Dell's ECS certificate tool (ecs_certificate_tool.py) to a /home/admin/ecs_certificate_tool-1.x directory on the ECS system. The tool enables StorageGuard to perform certificate checks. Refer to Dell article 181006 for information about downloading the tool.