HP OpenView Storage Mirroring User Guide (360226-002, May 2004)
15 - 1
15 !
!!
! Security
Security
To ensure protection of your data, Storage Mirroring offers multi-level security using native operating system security
features. Privileges are granted through membership in user groups defined on each machine running Storage Mirroring. To
gain access to a particular Storage Mirroring source or target, the user must provide a valid operating system user name and
password and the specified user name must be a member of one of the Storage Mirroring security groups. Once a valid user
name and password have been provided and the Storage Mirroring source or target has verified membership in one of the
Storage Mirroring security groups, the user is granted appropriate access to the source or target and the corresponding
features are enabled in the client. Access to Storage Mirroring is granted on one of the following three levels:
! Administrator Access—All Storage Mirroring features are available for that machine. For example, this access level
includes creating replication sets and establishing Storage Mirroring connections.
! Monitor Access—Statistics can be viewed on that machine, but Storage Mirroring features are not available. For example,
this access level does not allow the user to create or modify replication sets or create or modify Storage Mirroring
connections.
! No Access—The machine appears in the Storage Mirroring Management Console and can be pinged from the Storage
Mirroring Text Client, but no other access is available.
Security Access Levels
The following table identifies which key Storage Mirroring features are available depending on the security access granted.
Security Advantages and Considerations
Storage Mirroring security provides machine-based protection allowing the network administrator to specify the individuals
that can access all of the Storage Mirroring features as well as those that only have access to the Storage Mirroring statistics.
This security prevents unauthorized users from modifying critical Storage Mirroring configurations like the data included or
excluded from a replication set, changing a one-to-one configuration to a one-to-many configuration by adding another
connection, or initiating a mirror or stopping replication.
Storage Mirroring Feature Administrator Access Monitor Access
Modify Replication Sets
!
View Replication Sets and Rules
!!
Control Connections, Mirroring, Replication, Verification,
Restoration, Failover
!
View Connection, Mirroring, Replication, Verification, Restoration
Processing Statistics
!!
View Storage Mirroring Program Settings
!!
Modify Storage Mirroring Program Settings
!
NOTE: Although Storage Mirroring passwords are encrypted when they are stored, Storage Mirroring security design
does assume that any machine running the Storage Mirroring client application is protected from unauthorized
access. If you are running the Storage Mirroring client and step away from your machine, you must protect
your machine from unauthorized access.