| ETERNUS SF AdvancedCopy Manager Operator's Guide 13.0 -Solaris- |
|
Contents
Index
|
This chapter details the security operation using the authentication feature provided by AdvancedCopy Manager.
AdvancedCopy Manager provides features for backup management, and replication management or operation. If any of the features is incorrectly used, AdvancedCopy Manager may stop operating.
AdvancedCopy Manager allows you to set access permissions for each user performing backups. Authentication feature provide security of the backup operation and the replication operation.
In AdvancedCopy Manager the authentication information must fulfill the following conditions:
A user name consists of two to eight alphanumeric characters. (The colon symbol cannot be used.)
The password for the user name consists of up to 28 alphanumeric characters.
Table 3.1 shows access permissions that can be specified on AdvancedCopy Manager.
|
Access permission |
Description |
|---|---|
|
Write permission |
Allows you to change the operation information (such as policy information) and perform a series of storage operations. A write permission includes execute and read permissions. |
|
Execute permission |
Allows you to perform a series of storage operations and read information. An execute permission includes a read permission. |
|
Read permission |
Allows you only to read information. |
Table 3.2 shows the operations on the initial window made available to each of the access permissions.
|
Operation name |
Write permission |
Execute permission |
Read permission |
|---|---|---|---|
|
Server information display |
Yes |
Yes |
Yes |
|
Device information display |
Yes |
Yes |
Yes |
|
Partition information display |
Yes |
Yes |
Yes |
|
Columns |
Yes |
Yes |
Yes |
|
Refresh |
Yes |
Yes |
Yes |
|
List Devices Using the Same Copy Area |
Yes |
Yes |
Yes |
|
Add Server |
Yes |
No |
No |
|
Update Server |
Yes |
No |
No |
|
Delete Server |
Yes |
No |
No |
|
Refresh Server |
Yes |
No |
No |
|
Refresh Device |
Yes |
No |
No |
|
Delete Device |
Yes |
No |
No |
Yes: Enabled No: Disabled
The access permissions for the initial window are determined by the logical sum of the access permissions for the backup management function and the replication management function.
Table 3.3 shows the backup management operations made available for each of the access permissions.
|
Operation name |
Write permission |
Execute permission |
Read permission |
|---|---|---|---|
|
Window display |
Yes |
Yes |
Yes |
|
Backup |
Yes |
Yes |
No |
|
Restoration |
Yes |
Yes |
No |
|
Recovery |
Yes |
Yes |
No |
|
Delete History |
Yes |
Yes |
No |
|
Start Backup Synchronization processing |
Yes |
Yes |
No |
|
Cancel Backup synchronization processing |
Yes |
Yes |
No |
|
Match Resources |
Yes |
Yes |
No |
|
Set Backup Policy |
Yes |
No |
No |
|
Delete Backup Policy |
Yes |
No |
No |
|
Set Device Information |
Yes |
No |
No |
|
Set Storage Server Configuration Information |
Yes |
No |
No |
Yes: Enabled No: Disabled
Table 3.4 shows the replication management operations that are made available for each of the access permissions.
|
Operation name |
Write permission |
Execute permission |
Read permission |
|---|---|---|---|
|
Window display |
Yes |
Yes |
Yes |
|
Transfer Buffer Status |
Yes |
Yes |
Yes |
|
Start Synchronous Processing |
Yes |
Yes |
No |
|
Change Synchronization Mode |
Yes |
Yes |
No |
|
Replicate |
Yes |
Yes |
No |
|
Cancel Replication Processing |
Yes |
Yes |
No |
|
Reverse Synchronous Processing Direction |
Yes |
Yes |
No |
|
Perform Resource Adjustment |
Yes |
Yes |
No |
|
Set Replication Volume Information |
Yes |
No |
No |
|
Delete Replication Volume Information |
Yes |
No |
No |
|
Change Buffer Setting |
Yes |
No |
No |
Yes: Enabled No: Disabled
This section describes how to perform the security operation on AdvancedCopy Manager.
The following shows the flow of setup.
The following steps describe the operational details. For a description, operational methods, and notes on each window, see "Operating the Authentication Feature Window" in the "ETERNUS SF AdvancedCopy Manager User's Guide".
Specify the URL of the AdvancedCopy Manager initial window to display it.
After the following login window is displayed, specify a root user name and the password for the root user, and then click the [OK] button.
The initial window of AdvancedCopy Manager will be displayed.
From the Security menu in the initial window, select [Users and Permissions].
From the operation menu, select [Add user]. The following window will be displayed.
From the "User list", select a user to be added to move it to the "User to be added" list. From the combo box, select an access permission and click the [OK] button. You can add either a specific user or multiple users. After you have set the access permission, click the [OK] button. The addition of the user and the access permission for this user will be completed.
The displayed user name is one that is registered on the Storage management server.
A user name already registered on one of the management systems will not be displayed in the user name list dialog.
If no user to be added exists, the following warning dialog will be output and you will be returned to the authentication feature management window.
For operation using an authentication mechanism in a cluster system, note the following points that do not apply to regular operation:
Set the same account information (e.g., user accounts, passwords, groups) to the primary node and secondary node.
The size of the authentication management screen is not inherited after failover.
To transfer authentication information to a storage management server in non-cluster operation, take the following steps:
Before canceling the cluster configuration of the storage management server transaction, execute the "/opt/FJSVswssc/bin/smmkbat" command on the primary side of the storage management server transaction to extract the definition information. Execute the command with root user permission. The information is extracted as a shell script enumerating commands that reflect the definition information.
|
/opt/FJSVswssc/bin/smmkbat -f definition-information-output-shell-script |
To the storage management server transaction, execute the cluster setup command of AdvancedCopy Manager to cancel the cluster configuration.
On the storage management server, run the definition information output shell script extracted. Run the script with root user permission.
|
Contents
Index
|