HP Storage Mirroring Software User Manual

110 of 739

●

Replicate NT Security by Name—Storage Mirroring Recover allows you to
replicate Windows permission attributes by local name as well as security ID
(SID). By replicating Windows security by name, you can transmit the owner
name with the file. If that user exists on the target, then the SID associated
with the user will be applied to the target file ownership. If that user does not
exist on the target, then the ownership will be unknown. By default, this
option is disabled.

●

Domain security model—If you are using a Windows domain security
model by assigning users at the domain level, each user is assigned a
security ID (SID) at the domain level. When Storage Mirroring Recover
replicates a file to the target, the SID is also replicated. Since a user will
have the same SID on the source and target, the user will be able to
access the file from the target. Therefore, this option is not necessary.

●

Local security model—If you are using a Windows local security
model by assigning users at the local level (users that appear on
multiple machine will each have different SIDs), you will need to enable
this feature so that users can access the data on the target. If you do not

enable this feature with a local security model, after a Storage

Mirroring Recover file and SID is replicated, a local user will not be
able to access the file because the user’s SID on the target machine is
different from the SID that was replicated from the source machine.
If you enable this option, make sure that the same groups and users
exist on the target as they do on the source. Additionally, you must
enable this option on your target server before starting a restoration,
because the target is acting like a source during a restoration.

Enabling this option may have an impact on the rate at which Storage
Mirroring Recover can commit data on the target. File security attributes
are sent to the target during mirroring and replication. The target must
obtain the security ID (SID) for the users and groups that are assigned
permissions, which takes some time. If the users and groups are not on
the target server, the delay can be substantial. The performance impact
enabling this option will have will vary depending on the type of file
activity and other variables. For instance, it will not affect the overall
performance of large database files much (since there is a lot of data,
but only a few file permissions), but may affect the performance of user
files significantly (since there are often thousands of files, each with
permissions). In general, the performance impact will only be noticed
during mirrors since that is when the target workload is greatest.

Regardless of the security model you are using, if you create new user
accounts on the source, you should start a remirror so the new user account