Security, Security access levels, Security advantages and considerations – HP Storage Mirroring Software User Manual

17 - 1

17

Security

To ensure protection of your data, Storage Mirroring offers
multi-level security using native operating system security features.

Privileges are granted through membership in user groups defined

on each machine running Storage Mirroring. To gain access to a particular Storage Mirroring source

or target, the user must provide a valid operating system user name and password and the specified

user name must be a member of one of the Storage Mirroring security groups. Once a valid user name

and password have been provided and the Storage Mirroring source or target has verified

membership in one of the Storage Mirroring security groups, the user is granted appropriate access

to the source or target and the corresponding features are enabled in the client. Access to Storage

Mirroring is granted on one of the following three levels:



Administrator Access—All Storage Mirroring features are available for that machine. For

example, this access level includes creating replication sets and establishing Storage Mirroring

connections.



Monitor Access—Statistics can be viewed on that machine, but Storage Mirroring features are

not available. For example, this access level does not allow the user to create or modify

replication sets or create or modify Storage Mirroring connections.



No Access—The machine appears in the Storage Mirroring Management Console and can be

pinged using a scripting command, but no other access is available.

Security access levels

The following table identifies which key Storage Mirroring features are available depending on the

security access granted.

Security advantages and considerations

Storage Mirroring security provides machine-based protection allowing the network administrator to

specify the individuals that can access all of the Storage Mirroring features as well as those that only

have access to the Storage Mirroring statistics. This security prevents unauthorized users from

modifying critical Storage Mirroring configurations like the data included or excluded from a

replication set, changing a one-to-one configuration to a one-to-many configuration by adding

another connection, or initiating a mirror or stopping replication.

Storage Mirroring Feature

Administrator

Access

Monitor Access

Modify Replication Sets



View Replication Sets and Rules





Control Connections, Mirroring, Replication,

Verification, Restoration, Failover



View Connection, Mirroring, Replication, Verification,

Restoration Processing Statistics





View Storage Mirroring Program Settings





Modify Storage Mirroring Program Settings



NOTE:

Although Storage Mirroring passwords are encrypted when they are stored, Storage

Mirroring security design does assume that any machine running the Storage Mirroring

client application is protected from unauthorized access. If you are running the Storage

Mirroring client and step away from your machine, you must protect your machine from

unauthorized access.