HP Archive Backup System for OpenVMS Guide to Operations


h71000.www7.hp.com
06.11.2014

Security

5.3 Implementing a Security Strategy

• Your domain consists of a limited number of sites managed by a single organization in a secure environment: Since management of the domain is still under a single organization, a combination of high-level and low-level MDMS rights and limited access control checking may be appropriate. Access control entries on volumes and archives might be appropriate to specifically limit who can access data. Loose access control is recommended so objects without access control entries can be accessed. This level of security requires a moderate amount of maintenance.

• Your domain needs to be very secure, or your domain is geographically distributed or managed by multiple organizations that do not wish to interfere with each other’s resources. In this case, tight access control with access control entries on every object may be required. This allows each organization to maintain their own resources (volumes, pools, saves, restores and so on), while sharing common resources such as nodes, jukeboxes and drives. An alternative to a distributed domain is to have multiple domains, but resources such as jukeboxes cannot be shared across domains. This level of security requires a substantial amount of maintenance.

HP recommends that you begin your security setup by assigning MDMS rights to users, and determining the high-level to low-level mappings carefully. Once these are assigned, assign various users high-level rights based on their function. For certain users whose access needs are not cleanly defined as “User” or “Operator”, assign additional needed low-level rights to those users.

HP also recommends that you disable access control checking in the domain until all of the following are complete:

• You have installed the product(s), including any conversions from previous versions or previous products such as SLS.

• You have configured your domain.

• You have utilized the product(s) successfully in a production environment. You can perform ABS saves and restores, or HSM shelving and unshelving, successfully.

• You have analyzed your security requirements and determined that access controls on individual objects are required.

You may be concerned that MDMS enforces both access control and MDMS rights in order to access objects. Why can’t MDMS_ALL_RIGHTS override all access controls? The answer to this is that MDMS_ALL_RIGHTS can be granted to anyone with SYSPRV privilege on any node in the MDMS domain. As the domain is a distributed object, potentially available to multiple organizations, you may not want privileged users in the domain but outside of your organization accessing your resources. As such, even users with MDMS_ALL_RIGHTS should be subject to access control checking.

However, you can enable domain-wide “super users” by defining them with full access control access to the domain. You should limit this access to trusted users across the domain. As these users have the same level of access to all objects as they do the domain, if they are also granted MDMS_ALL_RIGHTS, then they can perform any operation on any object in the domain.
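The two-gate check described above, in which an operation needs both an MDMS right and access control permission, modelled as an added example; it is not HP's code or the MDMS implementation. The class, function, user, operation and `SHOW_RIGHT` names are hypothetical, and the rule that tight access control denies objects with no entries is an assumption drawn from the guide's description of loose access control.

```python
from dataclasses import dataclass, field

ALL_RIGHTS = "MDMS_ALL_RIGHTS"  # right name taken from the guide

@dataclass
class Domain:  # hypothetical model of the domain's security settings
    check_access: bool = False   # guide: leave disabled until setup is proven
    loose: bool = True           # loose: objects without entries stay accessible
    acl: dict = field(default_factory=dict)  # user -> allowed operations

@dataclass
class MdmsObject:  # hypothetical stand-in for a volume, archive, pool, ...
    name: str
    acl: dict = field(default_factory=dict)  # user -> allowed operations

def has_right(rights, needed):
    """Gate 1: the user holds the needed right or MDMS_ALL_RIGHTS."""
    return needed in rights or ALL_RIGHTS in rights

def acl_allows(domain, obj, user, op):
    """Gate 2: access control; MDMS_ALL_RIGHTS never bypasses it."""
    if not domain.check_access:
        return True
    if op in domain.acl.get(user, set()):
        return True              # domain-wide "super user" entry
    if not obj.acl:
        return domain.loose      # assumption: tight denies entry-less objects
    return op in obj.acl.get(user, set())

def authorize(domain, obj, user, rights, needed, op):
    return has_right(rights, needed) and acl_allows(domain, obj, user, op)

def demo():  # constructed scenario; users, volumes and SHOW_RIGHT are made up
    vol = MdmsObject("VOL001", acl={"alice": {"show"}})
    bare = MdmsObject("VOL002")  # no access control entries at all
    tight = Domain(True, loose=False, acl={"superop": {"show"}})
    allr = {ALL_RIGHTS}
    return {
        "outsider_all_rights": authorize(tight, vol, "mallory", allr, "SHOW_RIGHT", "show"),
        "owner_with_right": authorize(tight, vol, "alice", {"SHOW_RIGHT"}, "SHOW_RIGHT", "show"),
        "super_user_full": authorize(tight, vol, "superop", allr, "SHOW_RIGHT", "show"),
        "super_user_no_right": authorize(tight, vol, "superop", set(), "SHOW_RIGHT", "show"),
        "bare_object_loose": authorize(Domain(True), bare, "mallory", allr, "SHOW_RIGHT", "show"),
        "bare_object_tight": authorize(tight, bare, "mallory", allr, "SHOW_RIGHT", "show"),
        "checking_disabled": authorize(Domain(), vol, "mallory", allr, "SHOW_RIGHT", "show"),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:22} {'allowed' if allowed else 'denied'}")
```

The `checking_disabled` case shows what the recommended setup period means in practice: until access control checking is enabled, MDMS rights are the only gate.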

6 User Interfaces

ABS and MDMS support two distinct user interfaces, as follows:

• A Graphical User Interface that combines both ABS and MDMS functions in a single GUI, and which you can run on OpenVMS systems and Windows PCs.

• A DCL interface, which now exclusively uses MDMS commands. The old ABS DCL interface is still available for backward compatibility, but will not be enhanced any further.

Both interfaces are designed to be full-function, so the choice of which interface to use is strictly your preference. It is not necessary to switch between interfaces to perform routine management tasks.

6.1 Graphical User Interface

MDMS provides a graphical user interface called MDMSView, which provides several views that you can use to manage your MDMS domain. MDMSView provides support for both media management and (if you have an ABS license) the Archive Backup System. MDMSView is designed to be the preferred interface to ABS and MDMS, with the goal of supporting most, if not all, of the regular management tasks. MDMSView supersedes all previous graphical interfaces for both ABS and MDMS.

MDMSView provides several views into the management of MDMS objects and requests, including ABS objects managed by MDMS. In V4.4, a limited number of views have been implemented, but many more are planned for future releases. MDMSView currently supports the following views:

• Domain View - With this view, you can see the relationship between objects. For example, under a specific location, you can see the nodes, (child) locations and jukeboxes in that location. At the next level, you can, for example, see the drives in the jukebox. On selecting a specific object, you can then examine and optionally change its attributes.

• Event View - This view allows you to examine the MDMS event and audit logfile, using a variety of selection criteria.

• Object View - Similar to the domain view, but the navigation is by object class and is not hierarchical. For example, all 17 object classes are listed, and all objects in those classes are displayed. You can then select an object to manipulate.

• Report View - This view allows you to generate reports on a class of object using selection criteria and attribute display options. Currently, the report view supports only volumes.

• Request View - This view allows you to examine current activities in the MDMS database server. A request summary and detailed request information are available, with a single-click refresh.

