HP StorageWorks Application Recovery Manager Installation and Licensing Guide (T4395-96002, February 2008)
Maintaining the Installation
Security Considerations
Chapter 3, page 64
• During backup or restore, data is transferred via the network. You should
provide sufficient separation from the untrusted network.
Refer also to the online Help for other security-related aspects.
Securing Clients
After you have installed Application Recovery Manager clients and
imported them to a cell, it is highly recommended to protect the clients
from access by unwanted clients.
Application Recovery Manager allows you to specify from which cell
authorities (Cell Manager and Installation Servers) a client will accept
requests on the Application Recovery Manager port 5555. Consequently,
other computers will not be able to access such a client. See also “Client
Security” on page 61.
For tasks like backup and restore, starting pre- or post-execution scripts,
or importing and exporting clients, the client checks whether the
computer which triggers one of these tasks via the Application Recovery
Manager port (default 5555) is allowed to do so. This security mechanism
instructs the client to accept such actions only from the specified cell
authorities.
Consider Exceptional Situations
Before limiting the access to clients, consider the following circumstances
which may cause problems:
• A cell authority has several LAN cards and several IP
addresses/client names.
• The Cell Manager is cluster-aware.
Application Recovery Manager lets you specify not only one but a list of
systems that are explicitly authorized to connect as a cell authority to
the client. To avoid failure, prepare in advance such a list of all possible
valid client names for alternate cell authorities.
The list should include:
• All additional client names (for all LAN cards) of the cell authority.
• Client names of all cluster nodes where the Cell Manager might
fail over, as well as a cluster virtual server hostname.
• The target system name to which a cell authority will be moved in
case of a total hardware failure of the cell authority.
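The list described above can be checked before access is limited. The following is an added example, not code from HP or from the product: it audits a draft list against the name categories this section names. The CellAuthority class, the host names, and the name-comparison rule are assumptions made for illustration.

```python
# Added example: audit a draft cell-authority list; all host names are constructed.
from dataclasses import dataclass, field

@dataclass
class CellAuthority:
    primary: str
    nic_names: list = field(default_factory=list)      # names of additional LAN cards
    cluster_nodes: list = field(default_factory=list)  # possible failover nodes
    virtual_server: str = ""                           # cluster virtual server hostname
    standby_target: str = ""                           # target after total hardware failure

def norm(name):
    # Assumption: names compare case-insensitively, ignoring a trailing dot.
    return name.strip().rstrip(".").lower()

def required_names(auth):
    """Map each name this section says to list to the reason it is needed."""
    groups = [([auth.primary], "primary name"),
              (auth.nic_names, "additional LAN card"),
              (auth.cluster_nodes, "cluster failover node"),
              ([auth.virtual_server], "cluster virtual server"),
              ([auth.standby_target], "hardware-failure target")]
    reasons = {}
    for names, why in groups:
        for n in filter(None, names):
            reasons.setdefault(norm(n), why)
    return reasons

def audit(prepared, authorities):
    """Return (missing, unexpected) for a prepared authorization list."""
    listed = {norm(n) for n in prepared if n.strip()}
    needed = {}
    for auth in authorities:
        for name, why in required_names(auth).items():
            needed.setdefault(name, why)
    missing = {n: w for n, w in needed.items() if n not in listed}
    return missing, sorted(listed - set(needed))

# Constructed inventory and a draft list an administrator might have prepared.
CELL_MANAGER = CellAuthority(
    "cm1.example.com", nic_names=["cm1-bkp.example.com"],
    cluster_nodes=["cm1.example.com", "cm2.example.com"],
    virtual_server="cm-vs.example.com", standby_target="cm-dr.example.com")
INSTALL_SERVER = CellAuthority("is1.example.com")
DRAFT = ["CM1.example.com", "cm-vs.example.com.", "is1.example.com", "old-cm.example.com"]

if __name__ == "__main__":
    for item in audit(DRAFT, [CELL_MANAGER, INSTALL_SERVER]):
        print(item)
```

Names reported as missing are the ones whose absence would cause requests to be refused after a failover or hardware replacement; names reported as unexpected are candidates for removal from the list.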