HP StorageWorks Clustered File System 3.6.0 Windows Storage Server Edition Administration Guide (403103-005, January 2008)

Chapter 12: Configure Security Features
Form. Specify whether you entered a name or an ID for the account.

Tips for Specifying Accounts

When specifying accounts for a role, you should be aware of the
following:

HP Clustered File System uses the contents of the access token created
when you logged into the cluster to determine user and group
identities.

To simplify Role-Based Security administration, specify groups
instead of users wherever possible.

Specify groups that are valid for all servers in the cluster. Domain
universal groups and domain global groups have access to all servers.
You can also use domain local groups from the domain to which the
servers belong.

NOTE: HP Clustered File System will not prevent you from adding
users or groups that are not valid on all nodes. For example,
you can add local users or groups to a role, but these users and
groups have the permissions of the role only on the local server
and are not valid role members on the other servers.

HP Clustered File System follows the same rules as those for adding
users and groups to machine local groups and domain local groups. If
you can add a user or group to a filesystem ACL for a given PSFS file
or directory, you can add that same user or group to a role. If you
cannot add a user or group to a filesystem ACL, do not add that user
or group to a role, as the user or group is not valid on all servers.

To add a user or group by SID, you will need to know the SID. You can
find SIDs for the currently logged-on user and group memberships by
running the Windows whoami command. To find the SID for a user or
group that is not in your access token, use the Microsoft Windows
2003 support tool getsid.exe, which is available on the Windows 2003
installation media.

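
The following Windows PowerShell example is added here and is not from the HP guide. It resolves candidate role members to SIDs with the .NET NTAccount.Translate call (used here in place of getsid.exe) and flags accounts that are local to the server it runs on, which per the NOTE above would not be valid role members on the other servers. The account names and the function name Get-RoleAccountScope are constructed for illustration.

```powershell
# Added example: check candidate role members before adding them to a role.
# Run on a cluster server. Account names in $candidates are constructed placeholders.

# SID of this server's local account database, taken from any local user account.
$localUser = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" | Select-Object -First 1
$localDomainSid = $null
if ($localUser) {
    $localDomainSid = (New-Object System.Security.Principal.SecurityIdentifier($localUser.SID)).AccountDomainSid
}

function Get-RoleAccountScope {
    param([string]$Name)
    $result = New-Object PSObject -Property @{ Name = $Name; SID = $null; Scope = 'Unresolved' }
    try {
        $account = New-Object System.Security.Principal.NTAccount($Name)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        return $result   # the name did not map to a SID on this server
    }
    $result.SID = $sid.Value
    if ($sid.Value -like 'S-1-5-32-*') {
        # BUILTIN groups exist separately on every server
        $result.Scope = 'Local (BUILTIN group, defined per server)'
    } elseif ($localDomainSid -and $sid.AccountDomainSid.Value -eq $localDomainSid.Value) {
        # Same domain SID as the local account database: a machine local user or group
        $result.Scope = 'Local (valid on this server only)'
    } elseif ($sid.AccountDomainSid) {
        # Group type (universal, global, domain local) is not checked here
        $result.Scope = 'Domain account or group'
    } else {
        $result.Scope = 'Well-known SID'
    }
    return $result
}

$candidates = 'EXAMPLE\CFS-Admins', "$env:COMPUTERNAME\Administrator", 'BUILTIN\Administrators'
$candidates | ForEach-Object { Get-RoleAccountScope $_ } |
    Format-Table Name, SID, Scope -AutoSize
```

An entry reported as Unresolved on one server but resolved on another is itself a sign that the account is not valid on all nodes.
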
If a user account name contains more than 20 characters, you will need
to specify the account name in UPN format, as a SID, or as a
pre-Windows 2000 name. Names in NTLM format