|
| 1 | +--- |
| 2 | +permalink: docs/task_post_deploy_credentials.html |
| 3 | +sidebar: docs_sidebar |
| 4 | +keywords: credential, password, authentication, security |
| 5 | +summary: 'Depending on the security policies in the organization that deployed NetApp HCI or NetApp SolidFire, changing credentials or passwords is commonly part of the security practices. Before you change passwords, you should be aware of the impact on other software components in the deployment.' |
| 6 | +--- |
| 7 | += Change credentials in NetApp HCI and NetApp SolidFire |
| 8 | +:icons: font |
| 9 | +:imagesdir: ../media/ |
| 10 | + |
| 11 | +[.lead] |
| 12 | +Depending on the security policies in the organization that deployed NetApp HCI or NetApp SolidFire, changing credentials or passwords is commonly part of the security practices. Before you change passwords, you should be aware of the impact on other software components in the deployment. |
| 13 | + |
| 14 | +If you change credentials for one component of a NetApp HCI or NetApp SolidFire deployment, the following table provides guidance as to the impact on other components. |
| 15 | + |
| 16 | + |
| 17 | +NetApp HCI component interactions: |
| 18 | +image:../media/diagram_credentials_hci.png[NetApp HCI components] |
| 19 | + |
| 20 | + |
| 21 | + |
| 22 | +[options="header",cols="10a,60a,30a"] |
| 23 | +|=== |
| 24 | +| Credential Type and Icon |
| 25 | +| Usage by Admin |
| 26 | +| See these instructions |
| 27 | + |
| 28 | +a| Element credentials |
| 29 | + |
| 30 | +image::../media/icon_lock_red.png[Red lock icon] |
| 31 | + |
| 32 | +a| *Applies to*: NetApp HCI and SolidFire |
| 33 | + |
| 34 | + |
| 35 | + |
| 36 | + |
| 37 | +Admins use these credentials to log into: |
| 38 | + |
| 39 | +* Element user interface on the Element storage cluster |
| 40 | +* Hybrid Cloud Control on the management node (mnode) |
| 41 | + |
| 42 | +When Hybrid Cloud Control manages multiple storage clusters, it accepts only the admin credentials for the storage clusters, known as the _authoritative cluster_ that the mnode was initially set up for. For storage clusters later added to Hybrid Cloud Control, the mnode securely stores admin credentials. If credentials for subsequently added storage clusters are changed, the credentials must also be updated in the mnode using the mnode API. a| |
| 43 | +* https://docs.netapp.com/us-en/element-software/storage/concept_system_manage_manage_cluster_administrator_users.html[Update the storage cluster admin passwords^]. |
| 44 | +* Update the storage cluster admin credentials in the mnode using the https://docs.netapp.com/us-en/element-software/api/reference_element_api_modifyclusteradmin.html[modifyclusteradmin API^]. |
| 45 | + |
| 46 | + |
| 47 | +| |
| 48 | +vSphere Single Sign-on credentials |
| 49 | + |
| 50 | +image::../media/icon_lock_green_light.png[Light green lock icon] a| *Applies to*: NetApp HCI only |
| 51 | + |
| 52 | +Admins use these credentials to log into the VMware vSphere Client. When vCenter is part of the NetApp HCI installation, credentials are configured in the NetApp Deployment Engine as the following: |
| 53 | + |
| 54 | +* username@vsphere.local with the specified password, and |
| 55 | +* administrator@vsphere.local with the specified password. |
| 56 | +When an existing vCenter is used to deploy NetApp HCI, the vSphere Single Sign-on credentials are managed by the IT VMware admins. |
| 57 | + |
| 58 | +| https://docs.netapp.com/us-en/hci/docs/task_hci_credentials_vcenter_esxi.html#%20update-the-esxi-password-by-using-the-management-node-rest-api[Update vCenter and ESXi credentials]. |
| 59 | + |
| 60 | +| Baseboard management controller (BMC) credentials |
| 61 | + |
| 62 | +image::../media/icon_lock_black.png[Black lock icon] |
| 63 | + |
| 64 | +| *Applies to*: NetApp HCI only |
| 65 | + |
| 66 | +Administrators use these credentials to log in to the BMC of the NetApp compute nodes in a NetApp HCI deployment. The BMC provides basic hardware monitoring and virtual console capabilities. |
| 67 | + |
| 68 | +BMC (sometimes referred to as _IPMI_) credentials for each NetApp compute node are stored securely on the mnode in NetApp HCI deployments. NetApp Hybrid Cloud Control uses BMC credentials in a service account capacity to communicate with the BMC in the compute nodes during compute node firmware upgrades. |
| 69 | + |
| 70 | +When the BMC credentials are changed, the credentials for the respective compute nodes must be updated also on the mnode to retain all Hybrid Cloud Control functionality. |
| 71 | + |
| 72 | +a| * link:https://docs.netapp.com/us-en/hci/docs/hci_prereqs_final_prep.html[Configure IPMI for each node on NetApp HCI]. |
| 73 | +* For H410C, H610C, and H615C nodes, link:https://docs.netapp.com/us-en/hci/docs/hci_prereqs_final_prep.html[change default IPMI password]. |
| 74 | +* For H410S and H610S nodes, https://docs.netapp.com/us-en/element-software/storage/task_post_deploy_credential_change_ipmi_password.html[change default IPM password^]. |
| 75 | +* link:https://docs.netapp.com/us-en/hci/docs/task_hcc_edit_bmc_info.html[Change BMC credentials on the management node^]. |
| 76 | + |
| 77 | + |
| 78 | +| ESXi credentials |
| 79 | + |
| 80 | +image::../media/icon_lock_green_dark.png[Dark green lock icon] |
| 81 | + |
| 82 | +| *Applies to*: NetApp HCI only |
| 83 | + |
| 84 | +Admins can log into ESXi hosts using either SSH or the local DCUI with a local root account. In NetApp HCI deployments, the username is 'root' and the password was specified during the initial installation of that compute node in NetApp Deployment Engine. |
| 85 | + |
| 86 | +ESXi root credentials for each NetApp compute node are stored securely on the mnode in NetApp HCI deployments. NetApp Hybrid Cloud Control uses the credentials in a service account capacity to communicate with ESXi hosts directly during compute node firmware upgrades and health checks. |
| 87 | + |
| 88 | +When the ESXi root credentials are changed by a VMware admin, the credentials for the respective compute nodes must be updated on the mnode to retain Hybrid Cloud Control functionality. |
| 89 | + |
| 90 | +| link:https://docs.netapp.com/us-en/hci/docs/task_hci_credentials_vcenter_esxi.html[Update credentials for vCenter and ESXi hosts^]. |
| 91 | + |
| 92 | +| QoS integration password |
| 93 | + |
| 94 | +image::../media/icon_lock_purple.png[Purple lock icon] |
| 95 | + |
| 96 | +a| *Applies to*: NetApp HCI and optional in SolidFire |
| 97 | + |
| 98 | +Not used for interactive logins by admins. |
| 99 | + |
| 100 | +The QoS integration between VMware vSphere and Element Software is enabled via: |
| 101 | + |
| 102 | +* Element Plug-in for vCenter Server, and |
| 103 | +* QoS service on the mnode. |
| 104 | + |
| 105 | +For authentication, the QoS service uses a password that is exclusively used in this context. The QoS password is specified during the initial installation of the Element Plug-in for vCenter Server, or auto-generated during NetApp HCI deployment. |
| 106 | + |
| 107 | +No impact on other components. |
| 108 | + |
| 109 | +|link:https://docs.netapp.com/us-en/vcp/vcp_task_qossioc.html[Update QoSSIOC credentials in the NetApp Element Plug-in for vCenter Server^]. |
| 110 | + |
| 111 | +The VCP SIOC password is also known as the _QoSSIOC password_. |
| 112 | + |
| 113 | +Review the link:https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/Element_Plug-in_for_vCenter_server/mNode_Status_shows_as_'Network_Down'_or_'Down'_in_the_mNode_Settings_tab_of_the_Element_Plugin_for_vCenter_(VCP)[Element Plug-in for vCenter Server KB article^]. |
| 114 | + |
| 115 | +| vCenter Service Appliance credentials |
| 116 | + |
| 117 | +image::../media/icon_lock_gray_dark.png[Dark gray lock icon] |
| 118 | + |
| 119 | +| *Applies to*: NetApp HCI only if set up by NetApp Deployment Engine |
| 120 | + |
| 121 | +Admins can log into the vCenter Server appliance virtual machines. In NetApp HCI deployments, the username is 'root' and the password was specified during the initial installation of that compute node in the NetApp Deployment Engine. Depending on the VMware vSphere version deployed, certain admins in the vSphere Single Sign-on domain can also log in to the appliance. |
| 122 | + |
| 123 | +No impact on other components. |
| 124 | +| No changes needed. |
| 125 | + |
| 126 | + |
| 127 | + |
| 128 | +| NetApp Management Node admin credentials |
| 129 | + |
| 130 | +image::../media/icon_lock_gray_light.png[Light gray lock icon] |
| 131 | + |
| 132 | +| *Applies to*: NetApp HCI and optional in SolidFire |
| 133 | + |
| 134 | +Admins can log into the NetApp management node virtual machines for advanced configuration and troubleshooting. Depending on the management node version deployed, login via SSH is not enabled by default. |
| 135 | + |
| 136 | +In NetApp HCI deployments, the username and password was specified by the user during the initial installation of that compute node in NetApp Deployment Engine. |
| 137 | + |
| 138 | +No impact on other components. |
| 139 | + |
| 140 | +| No changes needed. |
| 141 | +|=== |
| 142 | + |
| 143 | + |
| 144 | + |
| 145 | + |
| 146 | +== Find more information |
| 147 | +* https://docs.netapp.com/us-en/element-software/storage/reference_post_deploy_change_default_ssl_certificate.html[Change the Element software default SSL certificate^] |
| 148 | +* https://docs.netapp.com/us-en/element-software/storage/task_post_deploy_credential_change_ipmi_password.html[Change the IPMI password for nodes^] |
| 149 | +* https://docs.netapp.com/us-en/element-software/storage/concept_system_manage_mfa_enable_multi_factor_authentication.html[Enable multi-factor authentication^] |
| 150 | +* https://docs.netapp.com/us-en/element-software/storage/concept_system_manage_key_get_started_with_external_key_management.html[Get started with external key management^] |
| 151 | +* https://docs.netapp.com/us-en/element-software/storage/task_system_manage_fips_create_a_cluster_supporting_fips_drives.html[Create a cluster supporting FIPS drives^] |
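Review bot: In the Element credentials row (new lines 42-44) the text and the link disagree about which API updates the stored credentials. Line 42 says credentials for later-added storage clusters "must also be updated in the mnode using the mnode API", but the bullet on line 44 links to `element-software/api/reference_element_api_modifyclusteradmin.html`, which by its path is the Element API reference, not a management node endpoint. Please either link the mnode procedure here or reword the bullet, so a reader rotating a cluster admin password knows which call refreshes the copy held on the mnode. The same sentence on line 42 mixes number ("the storage clusters, known as the _authoritative cluster_") and should name a single cluster. Smaller points in the same file: line 74 has "IPM password" where the other bullets say IPMI; the fragment on line 58 begins `#%20update-the-esxi-password...`, which looks like a stray encoded space, so check that the anchor resolves; line 56 follows the list on lines 54-55 with no blank line and will render as part of the last bullet; line 115 says "vCenter Service Appliance" while line 121 says "vCenter Server appliance"; lines 121 and 136 keep "that compute node" from the ESXi row although these rows describe the vCenter appliance and the management node; and line 9 sets `:imagesdir: ../media/` while every image macro repeats the `../media/` prefix, so one of the two should go.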