HP Archive Backup System for OpenVMS Guide to Operations
5.3 Implementing a Security Strategy

• Your domain consists of a limited number of sites managed by a single organization in a secure environment: Since management of the domain is still under a single organization, a combination of high-level and low-level MDMS rights and limited access control checking may be appropriate. Access control entries on volumes and archives might be appropriate to specifically limit who can access data. Loose access control is recommended so objects without access control entries can be accessed. This level of security requires a moderate amount of maintenance.

• Your domain needs to be very secure, or your domain is geographically distributed or managed by multiple organizations that do not wish to interfere with each other's resources. In this case, tight access control with access control entries on every object may be required. This allows each organization to maintain their own resources (volumes, pools, saves, restores and so on), while sharing common resources such as nodes, jukeboxes and drives. An alternative to a distributed domain is to have multiple domains, but resources such as jukeboxes cannot be shared across domains. This level of security requires a substantial amount of maintenance.

HP recommends that you begin your security setup by assigning MDMS rights to users, and determining the high-level to low-level mappings carefully. Once these are assigned, assign various users high-level rights based on their function. For certain users whose access needs are not cleanly defined as "User" or "Operator", assign additional needed low-level rights to those users.

HP also recommends that you disable access control checking in the domain until all of the following are complete:

• You have installed the product(s), including any conversions from previous versions or previous products such as SLS.

• You have configured your domain.

• You have utilized the product(s) successfully in a production environment. You can perform ABS saves and restores, or HSM shelving and unshelving, successfully.

• You have analyzed your security requirements and determined that access controls on individual objects are required.

You may be concerned that MDMS enforces both access control and MDMS rights in order to access objects. Why can't MDMS_ALL_RIGHTS override all access controls? The answer is that MDMS_ALL_RIGHTS can be granted to anyone with SYSPRV privilege on any node in the MDMS domain. As the domain is a distributed object, potentially available to multiple organizations, you may not want privileged users in the domain but outside of your organization accessing your resources. As such, even users with MDMS_ALL_RIGHTS should be subject to access control checking.

However, you can enable domain-wide "super users" by defining them with full access control access to the domain. You should limit this access to trusted users across the domain. As these users have the same level of access to all objects as they do the domain, if they are also granted MDMS_ALL_RIGHTS, then they can perform any operation on any object in the domain.
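The decision rule described in section 5.3 (an operation needs both an MDMS right and access control, MDMS_ALL_RIGHTS does not override access control, and loose and tight checking differ for objects without entries) can be modelled as follows. This Python model is an added example, not HP or MDMS code; the user names, object names, operation strings, the EXAMPLE_RIGHT placeholder, and the denial of a user who is missing from an object's existing entries are assumptions made for illustration.

```python
# Simplified model of the section 5.3 rule; added illustration, not MDMS code.
# Names, operation strings and EXAMPLE_RIGHT are assumptions for the example.
from dataclasses import dataclass, field

ALL_RIGHTS = "MDMS_ALL_RIGHTS"


@dataclass
class Obj:
    name: str
    aces: dict = field(default_factory=dict)   # user -> allowed operations


@dataclass
class Domain:
    checking: str = "disabled"                 # "disabled", "loose" or "tight"
    aces: dict = field(default_factory=dict)   # domain-level entries


def has_right(user_rights, needed):
    """Rights check: the specific right or MDMS_ALL_RIGHTS satisfies it."""
    return needed in user_rights or ALL_RIGHTS in user_rights


def acl_allows(domain, obj, user, op):
    """Access control check, evaluated independently of MDMS rights."""
    if domain.checking == "disabled":
        return True
    if op in domain.aces.get(user, set()):     # domain entry covers all objects
        return True
    if not obj.aces:                           # object has no entries at all
        return domain.checking == "loose"      # loose allows, tight denies
    # Assumption: a user missing from an object's existing entries is denied.
    return op in obj.aces.get(user, set())


def authorize(domain, obj, user, user_rights, needed, op):
    """Both checks must pass; MDMS_ALL_RIGHTS never bypasses access control."""
    return has_right(user_rights, needed) and acl_allows(domain, obj, user, op)


# Constructed sample data: two organizations sharing one domain.
VOL_A = Obj("VOL_A", {"ORG_A_OPER": {"READ", "WRITE"}})
VOL_NEW = Obj("VOL_NEW")                       # no access control entries yet
TIGHT = Domain("tight", {"TRUSTED_ADMIN": {"READ", "WRITE"}})
LOOSE = Domain("loose")

if __name__ == "__main__":
    # Privileged user from another organization: has the right, fails the ACL.
    print(authorize(TIGHT, VOL_A, "ORG_B_ADMIN", {ALL_RIGHTS}, "EXAMPLE_RIGHT", "READ"))
```

In this model, switching the domain from loose to tight immediately denies access to every object that has no entries yet, which is why access control entries need to be in place on every object before tight checking is enabled.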
6 User Interfaces

ABS and MDMS support two distinct user interfaces, as follows:

• A Graphical User Interface that combines both ABS and MDMS functions in a single GUI, and which you can run on OpenVMS systems and Windows PCs.

• A DCL interface, which now exclusively uses MDMS commands. The old ABS DCL interface is still available for backward compatibility, but will not be enhanced any further.

Both interfaces are designed to be full-function, so the choice of which interface to use is strictly your preference. It is not necessary to switch between interfaces to perform routine management tasks.

6.1 Graphical User Interface

MDMS provides a graphical user interface called MDMSView, which provides several views that you can use to manage your MDMS domain. MDMSView provides support for both media management and (if you have an ABS license) the Archive Backup System. MDMSView is designed to be the preferred interface to ABS and MDMS, with the goal of supporting most, if not all, of the regular management tasks. MDMSView supersedes all previous graphical interfaces for both ABS and MDMS.

MDMSView provides several views into the management of MDMS objects and requests, including ABS objects managed by MDMS. In V4.4, a limited number of views have been implemented, but many more are planned for future releases. MDMSView currently supports the following views:

• Domain View - With this view, you can see the relationship between objects. For example, under a specific location, you can see the nodes, (child) locations and jukeboxes in that location. At the next level, you can, for example, see the drives in the jukebox. On selecting a specific object, you can then examine and optionally change its attributes.

• Event View - This view allows you to examine the MDMS event and audit logfile, using a variety of selection criteria.

• Object View - Similar to the domain view, but the navigation is by object class and is not hierarchical. For example, all 17 object classes are listed, and all objects in those classes are displayed. You can then select an object to manipulate.

• Report View - This view allows you to generate reports on a class of object using selection criteria and attribute display options. Currently, the report view supports only volumes.

• Request View - This view allows you to examine current activities in the MDMS database server. A request summary and detailed request information are available, with a single-click refresh.