HP StorageWorks XP Command View Advanced Edition Common Component Security Guide
Description and Operator's Guide

This guide describes how to create, operate, and use a system in a configuration evaluated based on ISO/IEC 15408 for HP StorageWorks XP Command View Advanced Edition Common Component.
Legal notices

© Copyright 2009 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents
Revision history
1 Overview of Security Setup and Operation
1-1 How to Use This Guide
1-1-1 Intended Readers
1-1-2 Reading Sequence
6-3 Managing User Authentication Information
6-3-1 Adding a User
6-3-2 Setting Up User Permissions
6-3-3 Changing a User Password
Revision history

Table 1 Revisions
Date: April 2009
Edition, Revision: First Release
1 Overview of Security Setup and Operation

The security functions evaluated based on ISO/IEC 15408 for HP StorageWorks XP Command View Advanced Edition Common Component are the functions that provide the user authentication and access control necessary for creating and operating a system that uses the HP StorageWorks XP Command View Advanced Edition storage management software product in a configuration evaluated based on ISO/IEC 15408.
evaluated based on ISO/IEC 15408. When reference manuals are also indicated, you should refer to them.

When operating a system:
Read chapters 1, 5, and 6 when you are ready to start operating the system. This guide describes the operations you must perform to use HP StorageWorks XP Command View Advanced Edition Common Component in a configuration evaluated based on ISO/IEC 15408. When reference manuals are also indicated, you should refer to them.
1-2-1-1 Storage management software

The storage management software is included in HP StorageWorks XP Command View Advanced Edition and is described in subsection 1-3-3.

1-2-1-2 HP StorageWorks XP Command View Advanced Edition Common Component (CVAE)

This software provides the base module that implements the common functionality for the storage management software included in HP StorageWorks XP Command View Advanced Edition.
Table 1-1 Items Required for the Security Policy
An account administrator and a storage administrator are responsible for operations they must perform for their related tasks during system operation. Therefore, persons selected as the account administrator and storage administrator must be reliable persons who will not commit any malicious acts. The selected account administrator and storage administrator must prepare as follows before operation starts.
1-3-4 Network Management

The communication path between an internal network and an external network must be protected from threats. The following are the requirements for network management.
• The firewall installed between an internal network and external networks must be set up correctly and must operate correctly.
• The network must be monitored regularly, about once a year, to make sure there is no unauthorized traffic.
• The password must contain one or more numeric characters.

In addition, the procedure for using authentication information must be predefined so that, when authentication information is locked, the account administrator can unlock it in response to an appropriate request. The system creator must promptly change the default password set during system creation.
Figure 1-2 Procedure for Creating and Operating the System
2 Examining the System Configuration

This chapter describes the issues that you must examine before creating a system in the configuration evaluated based on ISO/IEC 15408 for HP StorageWorks XP Command View Advanced Edition Common Component.
• Hardware Configuration (See section 2-1)
• Software Configuration (See section 2-2)

2-1 Hardware Configuration

The system described in this guide has the following hardware configuration.
• The storage administrator and account administrator issue operation requests to the storage management software by using a storage management client terminal to access the management server from an external network.

The machine models that can be used for a management server vary depending on the prerequisite operating system. The following lists the prerequisite operating systems and the applicable machine models for each.
shows the correspondence between the software and operating systems. For detailed information on prerequisite conditions, see Table 2-2.
3 Preparations before System Creation

This chapter describes the preparations required for creating a system in the configuration evaluated based on ISO/IEC 15408 for HP StorageWorks XP Command View Advanced Edition Common Component.
3-4 Determining the Rules Related to Security Functions

Obtain and examine the information required for correct operation of HP StorageWorks XP Command View Advanced Edition Common Component security functions, and decide which information to use. The information determined here will be set during system creation. The following items need to be examined.
4 Creating a System

When the preparations required for system operation are complete, create the system. This chapter describes how to create a system in the configuration evaluated based on ISO/IEC 15408 for HP StorageWorks XP Command View Advanced Edition Common Component.
creator must perform the applicable procedure described in the following sections according to the type of operating system.

4-2-1 In Linux

This section describes the installation procedure in Linux. As the first step, specify OS settings according to the applicable reference in the following table.
If, as described in subsection 1-3-4, communication between the management server and the storage management client terminal is protected by SSL and SSL is provided by HP StorageWorks XP Command View Advanced Edition Common Component, specify the required settings after installation. For the procedure, see the applicable reference in the following table.
USER.AccessControl=true

If this line does not exist, create it. When this parameter is specified as true, the system creator can install only the specified HP StorageWorks XP Command View Advanced Edition products described in section "1-3-3 Software Management". When using HP StorageWorks XP Command View Advanced Edition products that are not described in section 1-3-3, the parameter must not be specified as true. If this rule is not followed, proper operation cannot be guaranteed.
Table 4-7 Registering a License
Management software being used Manager See: guide Chapter 2 XP Provisioning Manager planning and startup 2-3 Viewing and installing license information

4-5 Setting Up the HP StorageWorks XP Command View Advanced Edition Common Component Management Functions

Set up the security parameters and the warning banner text determined as described in section 3-4 based on section 1-3.
4-6 Setting Up User Authentication Information

Register and set up the authentication information for the account administrator determined as described in section 3-4 based on section 1-3. The system creator must use the authentication information for the system creator to log in to the installed HP StorageWorks XP Command View Advanced Edition software for which an environment has been set up.
Command View Advanced Edition Common Component authentication function. The existing authentication function method will hereafter be called internal authentication, and the external authentication server method will be called external authentication.

4-7-1 Linking to an External Authentication Server

For details about how to link to an LDAP directory or RADIUS server, see the following table.
• For the external authentication server administrator, select a person who is trustworthy and will not commit any malicious acts. For more information, see 1-3-1 Selecting Administrators. The administrator of the external authentication server must be able to cooperate with the HP StorageWorks XP Command View Advanced Edition Common Component system architect and account administrator in order to operate the external authentication server.
5 Preparations before System Operation

This chapter describes the preparations required for operating a system in the configuration evaluated based on ISO/IEC 15408 for HP StorageWorks XP Command View Advanced Edition Common Component.
• Method for using the client terminal for access
• Information (user ID and password) that the storage administrator must enter in the user authentication window to initiate access

Note on use
The account administrator must warn the storage administrators to properly manage their authentication information according to the instructions provided in subsection 1-3-5.
6 Operating the System

When the preparations required for system operation are complete, operation of the system can start.
6-3 Managing User Authentication Information

This section describes the management of user authentication information by the account administrator. Management of the user authentication information must be performed as described in (1) Storage administrator information in section 5-2 when one of the following situations arises:
• A user is added or deleted.
• Permission information for a user is set up.
• A user's password is changed.
Table 6-2 Description of the Procedure for Changing the Status
Management software being used: XP Command View AE Device Manager
See: XP CV AE Device Manager Help > Managing users > Managing account information > Changing the lock status of a user account
Management software being used: XP Command View AE Provisioning Manager
See: --

6-3-5 Deleting a User

Delete the authentication information for the user.
managed, and the appropriate users can change their own passwords. For information on how to manage authentication information using an external authentication server, see the manual for the particular external authentication server that will be used.