HP Data Protector Software Cell Manager Planning and Sizing

User security
The HP Data Protector Users configuration is another security-critical layer of Data Protector. The
configuration of users must be carefully planned and tested.
Some user rights are very powerful and therefore represent a security issue. For example, the User
configuration and Clients configuration user rights enable a user to change the security settings. The
Restore to other clients user right is also very powerful, especially if combined with either the Back up
as root or Restore as root user rights.
Even less powerful user rights bear an inherent risk associated with them. Data Protector can be
configured to restrict certain user rights to reduce these risks.
Firewall support
You can configure Data Protector in an environment where the HP Data Protector processes
communicate across a firewall.
Communication in Data Protector
Data Protector processes communicate using TCP/IP connections. Every Data Protector system accepts
connections on port 5555 by default. In addition, some processes dynamically allocate ports on
which they accept connections from other Data Protector processes.
To enable Data Protector processes to communicate across a firewall, Data Protector allows you to
limit the range of port numbers from which dynamically allocated ports are selected. Port ranges are
defined on a per-system basis. It is possible to define a port range for all Data Protector processes on
a specific system, as well as to define a port range for a specific Data Protector agent only.
Configuration mechanism
You can configure the port allocation behavior through two omnirc variables:
OB2PORTRANGE
This option limits the range of port numbers that Data Protector uses when allocating listen ports
dynamically. This option is typically set to enable the administration of a cell through a firewall. Note
that the firewall needs to be configured separately and that the specified range does not affect the
Inet listen port.
OB2PORTRANGESPEC
This option allows you to specify a range of port numbers for every binary. This mechanism gives you
more control over the ranges and helps to keep their sizes smaller. Note that the firewall needs to be
configured separately and that the specified range does not affect the Inet listen port.
By default, neither variable is set and ports are assigned dynamically by the operating system.
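The following added example (not HP's code and not part of the original document) reads the two omnirc variables from a system's omnirc content and derives the port ranges a firewall rule set would have to allow, plus a simple review of the result. The value syntax (START-END, and AGENT:START-END entries separated by semicolons), the agent names AgentA/AgentB, and the max_width threshold are assumptions made for illustration; confirm the real syntax in the online help.

```python
import re

INET_PORT = 5555  # default Inet listen port (from the page); not governed by the ranges

# Constructed sample omnirc content. The value syntax and the agent names
# AgentA/AgentB are assumptions/placeholders; confirm both in the online help.
SAMPLE_OMNIRC = """\
OB2PORTRANGE=20000-20499
OB2PORTRANGESPEC=AgentA:20100-20199;AgentB:20500-20599
"""

def parse_range(text):
    """Parse 'START-END' into (start, end), rejecting malformed or reversed ranges."""
    m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", text)
    if not m:
        raise ValueError(f"bad port range: {text!r}")
    lo, hi = int(m.group(1)), int(m.group(2))
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"port range out of bounds or reversed: {text!r}")
    return lo, hi

def configured_ranges(omnirc_text):
    """Return {scope: (lo, hi)}; '*' is the system-wide OB2PORTRANGE."""
    ranges = {"Inet": (INET_PORT, INET_PORT)}
    for line in omnirc_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.startswith("#"):
            continue  # skip blank lines, comments and anything that is not KEY=VALUE
        if key.strip() == "OB2PORTRANGE":
            ranges["*"] = parse_range(value)
        elif key.strip() == "OB2PORTRANGESPEC":
            for item in filter(None, (i.strip() for i in value.split(";"))):
                agent, _, span = item.partition(":")
                ranges[agent.strip()] = parse_range(span)
    return ranges

def firewall_allowlist(ranges):
    """Merge overlapping or adjacent ranges into the minimal set of rules."""
    merged = []
    for lo, hi in sorted(ranges.values()):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def audit(ranges, max_width=1000):  # max_width is an arbitrary review threshold
    """Flag systems with no range set and ranges too wide to firewall tightly."""
    findings = []
    if set(ranges) == {"Inet"}:
        findings.append("no port range set: OS-assigned dynamic ports")
    findings += [f"{s}: {lo}-{hi} spans more than {max_width} ports"
                 for s, (lo, hi) in ranges.items() if hi - lo + 1 > max_width]
    return findings
```

Port 5555 always appears in the allow-list because, as stated above, the configured ranges do not affect the Inet listen port.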
Note: Details about how to configure the different security aspects are available in the HP Data
Protector software online help. Open the online help menu and enter "About Security" or "About
Firewall" in the search field to get to the relevant topics.