Manualshelf

HP 3PAR InForm OS Common Criteria Administrator's Reference (QL226-96586, October 2012)

ManualsBrandsHP ManualsComputer AccessoriesHP 3PAR InForm T400/4x300GB 15K SAS Magazine E-LTU
21222324252627282930
25 Operating in Common Criteria Mode
b. Disable to ports using the setsys MgmtOldPorts disable CLI command.
c. For the disable command to take effect, the cluster must be rebooted using the
shutdownsys reboot CLI command.
Rebooting the cluster will take several seconds and varies depending on your
configuration. The shutdownsys reboot CLI command response will guide you
through the reboot process.
5. Remote Copy should not be used in the evaluated configuration.
a. On new systems, administrators should not issue the startrcopy CLI command.
b. On upgraded systems, administrators should stop the remote copy feature using
the stoprcopy CLI command and not issue the startrcopy command.
6. Extended Roles are introduced in release 3.1.1 and are enabled by the OOTB
process. Systems being upgraded from a pre-3.1.1 release that will be using extended
roles must load the extended roles before they can be used.
a. The authorized installer on the node console, as root, will issue the command
admithw rbac.
7. The authorized installer will disassociate the SP from the InServ (using the spvar or
spdood account) using SPOCC or spmaint option 3.4 [remove an InServ].
8. Default users on the system should be replaced with site-specific users, with the
exception of the 3parsvc user, which should have its password changed (see
Service Processor Considerations” in the following section). On the SP, spvar and
spdood users should have their passwords changed.
The default user 3paradm is a super level user defined for this purpose. Once new
super users have been created, 3paradm can be removed.
Service Processor Considerations
The Service Processor (SP) is used only as a maintenance tool in the evaluated
configuration. The remote access capabilities of the system are rarely allowed in sites
where Common Criteria mode operation is desired and the event monitoring capabilities
are disabled in the evaluated configuration (see “System Event Consumer Interface” on
page 17). The SP was therefore excluded from the evaluated configuration.
The SP is still used by maintenance personnel, as a maintenance tool only, to guide
maintenance activities and perform software upgrades to the HP 3PAR Storage System.
The following discussion is intended as a guide to how it can be securely used in an
environment with HP 3PAR Storage System(s) in the evaluated configuration.
For maintenance activities, the following steps can be taken in cooperation with a HP
3PAR authorized maintainer to associate the SP with a particular HP 3PAR Storage
System. Following initial configuration, the administrator can disable the association of the
SP to the HP 3PAR Storage System using steps 5-7 below.