I recently had the opportunity to deploy a Vembu BDR 3.9.1 Update 1 appliance and thought I’d run through the basics of getting started. There’s a new document outlining the process on the articles page.
I’ve been doing some work with Rubrik in our lab and thought it worth covering some of the basic features that I think are pretty neat. In this edition of Rubrik Basics, I thought I’d quickly cover off how to get started with the Role Based Access Control (RBAC) feature.
The concept of RBAC is not a new one. It is, however, one of the first things that companies with more than one staff member ask for when they have to manage infrastructure. Rubrik uses the concept of Roles to deliver particular access to their environment. The available roles are as follows:
- Administrator role – Full access to all Rubrik operations on all objects;
- End User role – For assigned objects: browse snapshots, recover files and Live Mount; and
- No Access role – Cannot log in to the Rubrik UI and cannot make REST API calls.
The End User role has a set of privileges that align with the requirements of a backup operator role.
|Download data from backups||Data download only from assigned object types:
|Live Mount or Export virtual machine snapshot||Live Mount or Export a snapshot only from specified virtual machines and only to specified target locations.|
|Export data from backups||Export data only from specified source objects.|
|Restore data over source||Write data from backups to the source location, overwriting existing data, only for assigned objects, and only when ‘Allow overwrite of original’ is enabled for the user account or group account.|
The good news is that Rubrik supports local authentication as well as Active Directory. You can then tie these roles to particular groups within your organisation. You can have more than one domain that you use for authentication, but I’ll cover that in a future post on multi-tenancy.
I don’t believe that the ability to create custom roles is present (at least in the UI). I’m happy for people from Rubrik to correct me if I’ve gotten that wrong.
Configuring access to the Rubrik environment for users is fairly straightforward. In this example I’ll be giving my domain account access to the Brik as an administrator. To get started, click on the Gear icon in the UI and select Users (under Access Management).
I don’t know who Grant Authorization is in real life, but he’s the guy who can help you out here (my dad jokes are both woeful and plentiful – just ask my children).
In this example I’m granting access to a domain user.
This example also assumes that you’ve added the domain to the appliance in the first place (and note that you can add multiple domains). In the dropdown box, select the domain the user resides in.
You can then search for a name. In this example, the user I’m searching for is danf. Makes sense, if you think about it.
Select the user account and click on Continue.
By default users are assigned No Access. If you have one of these accounts, the UI will let you enter a username and password and then kick you back to the login screen.
If I assign the user the End User role, I can assign access to various objects in the environment. Note that I can also provide access to overwrite original files if required. This is disabled by default.
In this example, however, I’m providing my domain account with full access via the Administrator role. Click on Assign to continue.
I can now log in to the Rubrik UI with my domain user account and do things.
And that’s it. In a future post I’ll be looking in to multi-tenancy and fun things you can do with organisations and multiple access levels.
It’s been too long since I wrote up a how-to article. But this one came from a really interesting problem. My colleagues were recently faced with an issue at a site where the customer wanted to upgrade from vSphere 5.1 to 5.5. Which was fine, but they’d forgotten / misplaced / couldn’t remember the SSO master password. So I’ve added a brief article covering the steps involved in getting it sorted out. Full credit to Michael, Vincent and our Partner SE Charles for piecing together the steps. I’m really just the messenger.
While you’re there, have a look through my other articles. While dated, some are still useful.
I’ve added a brief article covering the steps involved in installing the Cisco Prime DCNM in standalone mode – used for management and maintenance of Cisco fabrics. I had to re-install this software after a workstation replacement and thought it might be useful to document the steps required.
I’ve added a brief article covering the steps involved in installing the EMC Centera Tools software suite – used for management and maintenance of Centera clusters. I’m hopeful that I’ll have time to do some more articles covering basic usage of the Centera CLI in the near future. Feel free to look at some of the other articles I’ve published as well – hopefully you’ll find someting useful in there.
A few months ago someone asked me if I had documentation on how to do FLARE upgrades on a CLARiiON. I’d taken a video last year, but realised that it used the old Navisphere Service Taskbar and covered the upgrade of a CX700 to FLARE 26. So, basically, my doco was a little out of date.
I recently had the opportunity to upgrade some of our CX4-120s to the latest release of FLARE 30 (.524), so thought it might be an opportune moment to document the process in a visual sense. Once I’d completed the articles, I realised this may have been done better with a series of videos. Maybe next time. In any case, here’s a four-part series (part 1, part 2, part 3, and part 4) on how to upgrade FLARE on a CX4 using Unisphere Service Manager. It’s a classic death-by-screenshot scenario, and I apologise in advance for the size of the files. While we’re talking about documentation, have a look through the rest of the articles page, there might be something useful there. And if you want something covered specifically, I do take requests.