XYGATE Compliance PRO (XSW) Reference Manual
Glossary
XYPRO Technology Corporation 261 Proprietary and Confidential
MERGED COLLECTION
A merged collection is the combined data gathered from two or more host
connections. A single host connection can gather data for any number of other
NonStop hosts that are connected to that host connection via EXPAND, but
sometimes it is necessary to build a unified security picture of a NonStop host
installation where there are systems that cannot be connected using EXPAND and
thus require separate host connections.
In an environment with multiple host connections, the collection for one host
connection is designated the primary collection. It may contain data only for the
node where the host connection is made, or for that node and any number of other
NonStop hosts that are connected using EXPAND. The collections of the remaining
host connections are designated subordinate collections and are merged into the
primary collection to create the combined dataset that provides a complete picture
of the NonStop environment. Note that a subordinate collection can also contain
data gathered from many nodes.
The SWACL files on the individual host connections define which nodes may be
included in datasets generated on that host connection. The Resource Group of the
collection being gathered defines which nodes within the list delineated in the SWACL
file will be included.
ORPHAN QUERY
An orphan query is one of the five types of Security Rules and Queries. An orphan
query checks a list of elements for situations where a security object has some
security characteristic defined for it, such as an owner or an access list member, yet
the matching characteristic cannot be found in the NonStop host’s resource definitions.
An example of an orphan query is one that displays all Safeguard ACLs which contain
a userid that is not defined on the node where the Safeguard ACL resides. The other
types of Rules/Queries are the comparative query, distinct query, distinct
comparison and the value-based query.
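The Safeguard ACL case described above, as an added example that is not XSW code or part of the original manual: the check is scoped to the node where the ACL resides, so a userid defined only on another node still counts as an orphan. The record layout, node names, object names and userids are constructed assumptions.

```python
# Added illustration of an orphan query. The data layout below is an
# assumption for this example, not the format used by XSW or Safeguard.
from collections import namedtuple

Acl = namedtuple("Acl", "node object owner members")

# Constructed sample: userids defined on each node.
USERS = {
    r"\NODEA": {"SUPER.SUPER", "OPS.ALICE", "APP.BATCH"},
    r"\NODEB": {"SUPER.SUPER", "OPS.BOB"},
}

# Constructed sample: ACLs with an owner and access list members.
ACLS = [
    Acl(r"\NODEA", "$DATA1.PAYROLL.MASTER", "APP.BATCH", ["OPS.ALICE", "OPS.BOB"]),
    Acl(r"\NODEB", "$DATA2.LOGS.AUDIT", "OPS.CAROL", ["OPS.BOB"]),
    Acl(r"\NODEA", "$SYSTEM.SYS00.TOOL", "SUPER.SUPER", ["OPS.ALICE"]),
]


def orphan_query(acls, users_by_node):
    """Return (node, object, characteristic, userid) for every owner or
    access list member that is not defined on the node where the ACL resides."""
    findings = []
    for acl in acls:
        # A node with no user definitions at all makes every reference an orphan.
        defined = users_by_node.get(acl.node, set())
        if acl.owner not in defined:
            findings.append((acl.node, acl.object, "owner", acl.owner))
        for member in acl.members:
            if member not in defined:
                findings.append((acl.node, acl.object, "acl-member", member))
    return findings


if __name__ == "__main__":
    for row in orphan_query(ACLS, USERS):
        print(*row)
```

OPS.BOB is reported for the ACL on \NODEA even though the userid exists on \NODEB, because the lookup uses only the definitions of the node that holds the ACL.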
POLICY
A policy is a surveillance tool that compares the existing security status of a NonStop
server host to an ideal configuration and highlights areas where the two do not match.
A system analysis policy in XSW is built from a Data Discovery Query whose
outcome lists individual items that are undesirable, such as a list of expired
users. The policy starts with the list of failures, assigns a tracking number to each
failure, and then facilitates documenting the efforts made to resolve the failure and
the final resolved state once the failure has been cured. It also permits some failures
to be “allowed failures”; that is, failures that are authorized as exceptions to the
general rule.