| ETERNUS SF AdvancedCopy Manager Operator's Guide 13.0 -Microsoft(R) Windows(R) 2000- -Microsoft(R) Windows Server(TM) 2003- |
|
Contents
Index
|
This chapter describes the security operation using the authentication feature provided by AdvancedCopy Manager.
AdvancedCopy Manager provides features for backup management, and replication management or operation. If any of the features is incorrectly used, the operation may stop.
Thus, AdvancedCopy Manager provides a function of setting access permissions for each user on the backup operation and replication operation (authentication feature). Use this function to provide security of the backup operation and replication operation.
On AdvancedCopy Manager the user name and password must be as follows:
Has a user name consisting of up to 20 alphanumeric characters
Has a password consisting of up to 14 alphanumeric characters
The following precautions exist for the operation on Windows(R) 2000/2003.
Setup of NetBIOS over TCP/IP
When you use the backup function on Windows(R) 2000/2003, do not disable NetBIOS over TCP/IP in the detailed settings of TCP/IP. This setting has been enabled upon installation of Windows(R) 2000/2003. If you disable this setting by mistake, enable it as follows:
Access Control panel, then [Network and Dial-up Connections] and open the property of [Local Area Connection].
Select the [Advanced...] button of [Internet Protocol(TCP/IP) Properties] to open the [Advanced TCP/IP Settings] window.
Open the WINS tag and check "Enable NetBIOS over TCP/IP".
Access control using a user principal name
The user authentication and the access control using a user principal name that has been introduced on Windows(R) 2000/2003 is not supported. A user principal name is a user representation that can be used if Active Directory is installed on Windows(R) 2000/2003. A user principal name is expressed as "user-name@dns-name".
Password length on Windows2000/2003
Although a password consisting of up to 127 alphanumeric characters can be specified on Windows2000/2003, only a password consisting of up to 14 alphanumeric characters are valid on AdvancedCopy Manager.
Table 3.1 shows access permissions that can be specified on AdvancedCopy Manager.
|
Access permission |
Description |
|---|---|
|
Write permission |
Allows you to change the operation information (such as policy information) and perform a series of storage operations. A write permission includes execute and read permissions. Only a write permission can be set for a user belonging to the Administrators group. |
|
Execute permission |
Allows you to perform a series of storage operations and read information. An execute permission includes a read permission. |
|
Read permission |
Allows you only to read information. |
Table 3.2 shows the operations on the initial window, made available due to each of the access permissions.
|
Operation |
Write permission |
Execute permission |
Read permission |
|---|---|---|---|
|
Server information display |
Yes |
Yes |
Yes |
|
Device information display |
Yes |
Yes |
Yes |
|
Partition information display |
Yes |
Yes |
Yes |
|
Columns |
Yes |
Yes |
Yes |
|
Refresh |
Yes |
Yes |
Yes |
|
List Devices Using the Same Copy Area |
Yes |
Yes |
Yes |
|
List Devices in the Same Logical Group |
Yes |
Yes |
Yes |
|
Add Server |
Yes |
No |
No |
|
Update Server |
Yes |
No |
No |
|
Delete Server |
Yes |
No |
No |
|
Refresh Server |
Yes |
No |
No |
|
Refresh Device |
Yes |
No |
No |
|
Delete Device |
Yes |
No |
No |
Yes: Enabled; No: Disabled
The access permissions for the initial window are determined by the logical sum of the access permissions for the backup management function and the replication management function.
Table 3.3 shows the backup management operations made available due to each of the access permissions.
|
Operation name |
Write permission |
Execute permission |
Read permission |
|---|---|---|---|
|
Window display |
Yes |
Yes |
Yes |
|
Backup |
Yes |
Yes |
No |
|
Restoration |
Yes |
Yes |
No |
|
Recovery |
Yes |
Yes |
No |
|
Delete History |
Yes |
Yes |
No |
|
Start Backup Synchronization processing |
Yes |
Yes |
No |
|
Cancel Backup synchronization processing |
Yes |
Yes |
No |
|
Match Resources |
Yes |
Yes |
No |
|
Set Backup Policy |
Yes |
No |
No |
|
Delete Backup Policy |
Yes |
No |
No |
|
Set Device Information |
Yes |
No |
No |
|
Set Storage Server Configuration Information |
Yes |
No |
No |
Yes: Enabled; No: Disabled
Table 3.4 shows the replication management operations that are made available for each of the access permissions.
|
Operation name |
Write permission |
Execute permission |
Read permission |
|---|---|---|---|
|
Window display |
Yes |
Yes |
Yes |
|
Transfer Buffer Status |
Yes |
Yes |
Yes |
|
Start Synchronous Processing |
Yes |
Yes |
No |
|
Change Synchronization Mode |
Yes |
Yes |
No |
|
Replicate |
Yes |
Yes |
No |
|
Cancel Replication Processing |
Yes |
Yes |
No |
|
Reverse Synchronous Processing Direction |
Yes |
Yes |
No |
|
Perform Resource Adjustment |
Yes |
Yes |
No |
|
Set Replication Volume Information |
Yes |
No |
No |
|
Delete Replication Volume Information |
Yes |
No |
No |
|
Change Buffer Setting |
Yes |
No |
No |
Yes: Enabled No: Disabled
This section describes how to perform the security operation on AdvancedCopy Manager.
The following shows the flow of setup procedure.
The following shows the operation work details. For description, operation methods, and notes on each window, see "Operating the Authentication Feature Window" in the "ETERNUS SF AdvancedCopy Manager User's Guide".
Specify the URL of the initial window of AdvancedCopy Manager to display the initial window.
The following login window will be displayed. Specify the user name and the password of a privileged user (a startup account specified when Manager of AdvancedCopy Manager was installed) and click the [OK] button.
The initial window of AdvancedCopy Manager will be displayed.
From the Security menu in the initial window, select [Users and Permissions].
From the operation menu, select [Add user]. The following window will be displayed.
From the User list, select a user to be added to move it to the User list to be added. From the combo box, select an access permission and click the [OK] button. You can add either a specific user or multiple users. After you have set the access permission, click the [OK] button. The addition of a user and the setup of an access permission for this user will be completed.
The displayed user names are local user names registered on the storage management server. If the storage management server is the primary domain controller or the backup domain controller, a "domain user name" will be displayed.
A user to be added must have permission to local logon to the system. If a user without local logon permission is added, the authentication of this user will encounter an error.
A user belonging to the Administrators group is dimmed. Only a "write permission" can be granted to the user. Likewise, only "write permission" can be granted to multiple users if they include a user belonging to the Administrators group.
A user name already registered on one of the management systems will not be displayed in the user name list dialog.
If no user to be added exists, the following warning dialog will be output and you will be sent back to the authentication feature management window.
For operation using an authentication mechanism in a cluster system, note the following points that do not apply to regular operation:
Set the same account information (e.g., user accounts, passwords, groups, user permissions) to the primary node and secondary node.
The size of the authentication management screen is not inherited after failover.
To transfer authentication information from AdvancedCopy Manager on a storage management server in non-cluster operation, take the following steps:
Before canceling the cluster configuration of the storage management server transaction, execute the command below on the primary side of the storage management server transaction to extract the definition information. Execute the command as a user belonging to the Administrators group. The information is extracted as a batch file enumerating commands that reflect the definition information.
|
program-directory\bin\smmkbat -f definition-information-output-batch-file |
To the storage management server transaction, execute the cluster setup command of AdvancedCopy Manager to cancel the cluster configuration.
On the storage management server, run the definition information output batch file extracted. Run the file as a user belonging to the Administrators group.
|
Contents
Index
|