Storage Resource Manager Enterprise Edition Installation Guide

Security
SRM Security in Multiple Domains
SRM depends on standard Windows NT security mechanisms for its operation. The
SRM Server and Agent authenticate each other to prevent potentially sensitive
information from being revealed to unauthorized programs.
Using the SRM Service Login account (SRMSvcUser, by default), the SRM Server
logs in and runs as the Windows NT Service, SRPROCMGR.EXE, while SRM Agents
log in and run as the Windows NT Service, SRMAGENT.EXE. All access to the SRM
SQL Server database is through this account; no other SRM account has access to the
database.
When all elements (SRM SQL Server, SRM Server, SRM Agent, and SRM Service
Login Account) reside in the same domain, the authentication cycle and database
access work based on implicit trusts. However, for the authentication cycle and
database access to work properly in a multiple Windows NT security domain
environment, one-way trusts must be established among the various domains. The
domains of the SRM SQL Server, SRM Server, and SRM Agent computers must trust
the SRM Service Login account's domain.
Ensure that your trust relationships are established before installing SRM in your
multiple-domain environment. See the section "Domain Planning" in Chapter 5 for
information and worksheets to help you configure your multiple-domain trusts.
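The trust rule above can be checked against a deployment plan before installation. The following is an added example, not part of the SRM product or this guide's original text; the function names, component labels, and plan layout are assumptions, and the sample plan is constructed from the domain names used in this guide's example.

```python
"""Pre-install check for the SRM multi-domain trust rule (added example)."""

# Constructed plan using the domain names from this guide's example.
# Component labels and the dictionary layout are assumptions of this sketch.
SERVICE_ACCOUNT_DOMAIN = "ENGINEERING"
COMPONENT_DOMAINS = {
    "SRM SQL Server": "ENGTEST2",
    "SRM Server": "ENGTEST2",
    "SRM Agent": "ENGTEST2",
}
# Each pair is (trusting domain, trusted domain): accounts from the trusted
# domain can be authenticated in the trusting domain, not the other way round.
TRUSTS = {("ENGTEST2", "ENGINEERING")}


def missing_trusts(account_domain, component_domains, trusts):
    """Return sorted (component, trusting, trusted) tuples that still need a trust.

    Only direct trusts count: Windows NT 4.0 trusts are one-way and
    non-transitive, so A trusting B and B trusting C does not make A trust C.
    """
    account = account_domain.upper()  # NetBIOS domain names are case-insensitive
    have = {(a.upper(), b.upper()) for a, b in trusts}
    gaps = []
    for component, domain in component_domains.items():
        domain = domain.upper()
        if domain == account:
            continue  # same domain: implicit trust, nothing to configure
        if (domain, account) not in have:
            gaps.append((component, domain, account))
    return sorted(gaps)


def report(account_domain, component_domains, trusts):
    """Format the result of missing_trusts() as one line per missing trust."""
    gaps = missing_trusts(account_domain, component_domains, trusts)
    if not gaps:
        return "OK: every component domain trusts " + account_domain
    return "\n".join(
        f"{component}: {trusting} must trust {trusted}"
        for component, trusting, trusted in gaps
    )


if __name__ == "__main__":
    print(report(SERVICE_ACCOUNT_DOMAIN, COMPONENT_DOMAINS, TRUSTS))
```

A trust entered in the wrong direction (ENGINEERING trusting ENGTEST2) is reported as missing for all three components, which is the most common planning mistake this check catches.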
Configuring One-Way Trust Relationships
Configure the trusts when the SRM Service Login Account resides in a different
domain from the SQL Server, SRM Server, and SRM Agents.
NOTE: In this procedure, the SRM Service Login Account resides in the ENGINEERING
domain, and the SQL Server, SRM Server, and Agent will be installed in the
ENGTEST2 domain.
Use the following procedure to configure Windows NT one-way trusts. On the Trusted
Domain (the domain where the SRM Service Login Account resides, in this example,
ENGINEERING):
1. Log in to an account with domain administrator privileges for each domain you
want to configure.
2. Go to Start > Programs > Administrative Tools > User Manager for Domains.
3. Choose Policies > Trust Relationships. The Trust Relationships dialog box
displays, as shown in Figure 71.