Assigning access attributes to logical volumes, Restricting read and write operations – HP StorageWorks XP Remote Web Console Software User Manual
Page 9
LUN Security XP Extension user guide
9
1
LUN Security XP Extension for the
XP128/XP1024/XP10000/XP12000
HP StorageWorks LUN Security XP Extension protects data on an XP disk array from I/O operations
performed on open systems hosts. You can use LUN Security XP Extension to assign an access attribute to
each logical volume. If you use LUN Security XP Extension, you can use a logical volume as a read-only
volume and protect a logical volume against read and write operations.
Use LUN Security XP Extension to suspend data activity within the environment. This ensures that logical
volumes whose retention period expires will not return to Read/Write mode. This feature is called
Expiration Lock (also called Audit Lock).
You cannot use LUN Security XP Extension to change the access attribute of logical volumes that meet
certain conditions. For detailed information, see ”
Using LUN Security XP Extension with other products
page 10.
In local disk array documentation, logical volumes are sometimes referred to as logical devices (or LDEVs).
Logical volumes accessed by open-systems hosts are sometimes referred to as logical units (or LU)s.
CAUTION:
HP StorageWorks LUN Security XP Extension provides the ability to place logical volumes into
secure states. In these secure states, data on the volumes cannot be modified until the retention time
specified when the volume is placed in the secured state has elapsed. TO THE FULLEST EXTENT
PERMITTED BY LAW, UNLESS EXPRESSLY PROVIDED OTHERWISE UNDER WRITTEN AGREEMENT
BETWEEN HP AND CUSTOMER, HP WILL NOT BE LIABLE FOR ANY DIRECT, SPECIAL OR
CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS AND LOSS OF
DATA) REGARDLESS OF WHETHER SUCH DAMAGES ARE BASED ON TORT, WARRANTY, CONTRACT
OR ANY OTHER LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, ARISING
OUT OF ANY PERFORMANCE OF OR IN FURTHERANCE OF UNLOCKING OR OTHERWISE
UNSECURING AT THE REQUEST OF THE CUSTOMER DATA THAT HAS BEEN SECURED USING
HP StorageWorks LUN Security XP Extension BEFORE THE RETENTION TIME HAS EXPIRED.
Assigning access attributes to logical volumes
By default, all open systems volumes are subject to read and write operations by open systems hosts. For
this reason, data on open systems volumes could be damaged or lost if an open systems host performs
erroneous write operations. Also, confidential data on open systems volumes could be stolen if a malicious
operator performs read operations on open systems hosts.
Restricting read and write operations on logical volumes can prevent data from being damaged, lost, or
stolen. With LUN Security XP Extension, you can use logical volumes as read-only volumes to protect them
against write operations, or you can protect logical volumes against both read and write operations.
Restricting read and write operations
To restrict read and write operations, use LUN Security XP Extension to assign one of the following access
attributes to each logical volume (see ”
Changing logical volumes’ access attributes
•
Read/Write: Open systems hosts can perform read and write operations on the logical volume.
Continuous Access XP and Business Copy XP (BC XP) can copy data to logical volumes that have the
Read/Write attribute. If necessary, you can prevent copying data to logical volumes that have the
Read/Write attribute.
Read/Write is the default attribute for open systems volumes.
•
Read Only: Open systems hosts can perform read operations, but cannot perform write operations on
the logical volume.
Continuous Access XP and BC XP cannot copy data to logical volumes that have the Read Only
attribute.