Overview of lun security xp extension, Assigning access attributes to logical volumes, Restricting read and write operations – HP StorageWorks XP Remote Web Console Software User Manual

LUN Security XP Extension user guide

9

1

Overview of LUN Security XP Extension

HP StorageWorks LUN Security XP Extension protects data on an array from I/O operations performed on

open-systems hosts. You can use LUN Security XP Extension to assign an access attribute to each logical

volume. If you use LUN Security XP Extension, you can use a logical volume as a read-only volume and

protect a logical volume against read and write operations.
Use LUN Security XP Extension to suspend data activity within the environment. This ensures that logical

volumes whose retention period expires will not return to Read/Write mode. This feature is called

Expiration Lock (also called Audit Lock).
You cannot use LUN Security XP Extension to change the access attribute of logical volumes that meet

certain conditions. For detailed information, see ”

Using LUN Security XP Extension with other products

” on

page 10.
In local array documentation, logical volumes are sometimes referred to as logical devices (or LDEVs).

Logical volumes accessed by open-systems hosts are sometimes referred to as logical units (or LUs).

CAUTION:

HP StorageWorks LUN Security XP Extension provides the ability to place logical volumes into

secure states. In these secure states, data on the volumes cannot be modified until the retention time

specified when the volume is placed in the secured state has elapsed.

Assigning access attributes to logical volumes

By default, all open-systems volumes are subject to read and write operations by open-systems hosts. For

this reason, data on open-systems volumes could be damaged or lost if an open-systems host performs

erroneous write operations. Also, confidential data on open-systems volumes could be stolen if a malicious

operator performs read operations on open-systems hosts.
Restricting read and write operations on logical volumes can prevent data from being damaged, lost, or

stolen. With LUN Security XP Extension, you can use logical volumes as read-only volumes to protect them

against write operations, or you can protect logical volumes against both read and write operations.

Restricting read and write operations

To restrict read and write operations, use LUN Security XP Extension to assign one of the following access

attributes to each logical volume (see ”

Changing logical volumes’ access attributes

” on page 25):

•

Read/Write: Open-systems hosts can perform read and write operations on the logical volume.
Continuous Access XP and Business Copy XP can copy data to logical volumes that have the

Read/Write attribute. If necessary, you can prevent copying data to logical volumes that have the

Read/Write attribute.
Read/Write is the default attribute for open-systems volumes.

•

Read Only: Open-systems hosts can perform read operations, but cannot perform write operations on

the logical volume.
Continuous Access XP and Business Copy XP cannot copy data to logical volumes that have the Read

Only attribute.

•

Protect: Open-systems hosts cannot access the logical volume. Open-systems hosts cannot perform read

or write operations on the logical volume.
Continuous Access XP and Business Copy XP cannot copy data to or from logical volumes that have the

Protect attribute.

Figure 1

shows access attributes for logical volumes 00, 01, and 02. Logical volume 03’s access attribute

is Can't Guard, which means you cannot assign any access attribute to the logical volume. LUN Security

XP Extension cannot assign access attributes to:

•

Mainframe volumes