Restriction on accessing local client files, 11 concept of java application security – HP XP20000XP24000 Disk Array User Manual

Figure 10 Selecting the Desired SVP (Web Server)
Table 8 Specifications and Restrictions Concerning Login Operations

Item

Specification

Maximum number of concurrent

users

The storage system can support up to 32 concurrent users.

Note:

The total maximum number of concurrent users that can display

the Performance Monitor window and execute the Export Tool is

two users.

Logging in to multiple SVPs (web

servers)

The same user can concurrently log in to more than one SVP

Note:

If you execute multiple Java application programs for multiple

SVPs, insufficient memory may degrade performance.

Logging in to the same SVPs

(web servers) more than once

concurrently

The same user (ID) may not have multiple concurrent sessions with the

same SVPs (web servers).

Security measure

If you have failed to log in three times with the same user ID, Remote

Web Console stops replying for one minute. However, it is not a

system failure.

Login history

All login information, including user ID, login and logoff time, is

recorded in the audit log file, so that unauthorized access can be

detected.

Automatic logout operation

In case a user cannot normally log out, you can set the user to be

automatically logged out from the SVP after a specific period of time.

This period of time can be specified by the storage administrator with

Enable authority for the Storage Administrator Role.

Restriction on Accessing Local Client Files

The Java application has a strong security feature. Because of this feature, a user is not allowed to access

local client files for the operation in the sandbox of a Java application.
However, this sandbox security restriction can be lifted and the user can access the local files from Remote

Web Console, because the electronic signature is given to the Remote Web Console Java application.

The following figure shows the concept of the Java application security.

Figure 11 Concept of Java Application Security

When you start the Java application with an electronic signature (Remote Web Console), a security

warning dialog box is displayed. This dialog box lets you approve the identity of the designer of that

Java application. The specific warning that you receive depends on the JRE versions. When you log in to

Remote Web Console, see the following description and take the appropriate action in the displayed

dialog box.

•

For JRE 1.4

34

Installation Requirements and Procedures