Normally we suggest that storage targets be added with full admin privileges. This account needs privileges to execute commands through the Pure Storage API, typically, the default pureuser administrator account.
Adding a Pure Storage target enables Turbonomic to connect through the controller's native API. Turbonomic uses the API to access information about Pure target performance.
For example, because of a typical improved performance of Pure Storage FlashArray, Turbonomic intelligently moves more demanding workloads to these datastores. The Turbonomic analysis is also able to incorporate Pure’s de-duplication and compression into its actions.
However, some customers prefer to be as restrictive as possible when it comes to storage access. For a Pure Storage target you can use LDAP service to provide more restricted access. For example, if you wanted to provide visibility to Pure Storage through Turbonomic in the context of the broader application supply chain but not allow the ability to execute any actions.
For more restrictive access the storage administrator needs to connect Pure Storage to a LDAP service and set up security groups in the LDAP service. You can learn more about setting up AD on Pure in this blog post. Once this is set up the username would be the active directory account’s username and password (first.last, no @corp or corp\).
To troubleshoot and determine if the LDAP server is connected and visible to Pure you can point a browser at the Pure Storage address, login as “pureuser” and select the SYSTEM tab along the top edge. Then on the left select “Configuration” >> “Directory Service”. If it has the fields filled out and is enabled, then click the “Test” button to verify it is working at that time. This will help determine if the LDAP server is not visible to the Pure temporarily (see below).