SeeView Server Gateway (SSG) Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

101

102

103

104

105

106

107

108

109

110

SSG Component Configuration

HP NonStop SeeView Server Gateway (SSG) Manual—526356-004

3-9

Management Scenario

automatically if necessary, eliminating the need for the START GATEWAY commands

included previously.

Management Scenario

In a management scenario, applications that perform management or command and

control use SSG services. In this case, you cannot safely share access to a single

SSG and a single set of CIs, because doing so could pose a security risk. Instead, you

need to configure a separate SSG and set of CIs for each user that accesses these

applications. You can still set general rules in $SYSTEM.SYSTEM.SSGCONF, but you

might also want to customize these settings by user in the user-specific SSGCONF

files located in the users’ default subvolumes.

Case Scenario

To take a specific example, assume you are running a Windows-based command and

control application that utilizes the CSG and SSG and accesses the TACL, FUP, and

SCF CIs. Further, assume that you have two users who need to access this

application:

•

OPS.USER needs the TACL and FUP functions.

•

SUPER.ADMIN needs all functions.

No other users on your system run this application or need access to CI services via

the SSG. In this environment, you want to limit access to the SSG through the

$SYSTEM.SYSTEM.SSGCONF file but then open up that access for OPS.USER and

SUPER.ADMIN through their own SSGCONF files. For example,

$SYSTEM.SYSTEM.SSGCONF might contain:

OPS.USER’s SSGCONF file would contain:

And SUPER.ADMIN’s SSGCONF file would contain:

Because the application in this example is Windows-based, you also would need to

configure the CSG on both OPS.USER’s and SUPER.ADMIN’s workstations to use the

correct SSG ID.

SET SECURE DEFAULT NONE ! By default, no one is allowed to access SSG CI services

SET AUTOSTART ON ! Cause SSGCOM to start the SSG automatically on demand

SET SSGCONFSEARCH ON ! Read the user’s SSGCONF file after processing this file

SET SECURE FUP USER ! This user can access FUP and TACL; however, they are not

SET SECURE TACL USER ! shared, so there’s no risk of another user accessing them

SET ID $US1 ! The SSG ID for this user’s SSG (can be any legal ID)

SET SECURE FUP USER ! This user can access FUP,TACL,and SCF; however, they are

SET SECURE TACL USER ! not shared, so no risk of another user accessing them

SET SECURE SCF USER !

SET ID $SS1 ! The SSG ID for this user’s SSG (can be any legal ID)