Manualshelf

HP StorageWorks Application Recovery Manager Installation and Licensing Guide (T4395-96002, February 2008)

ManualsBrandsHP ManualsSoftwareHP Application Rvry Management 6.1 Multi OS E-Media
81828384858687888990
Maintaining the Installation
Security Considerations
Chapter 3 63
Application Recovery Manager comes with only a few predefined user
groups. It is recommended to define specific groups for each type of
user in the Application Recovery Manager environment to minimize
the set of rights assigned to them.
The configuration of users is connected with user validation (see
“Strict Hostname Checking” on page 69). Enhanced validation can be
worthless without careful user configuration and vice versa - even the
most careful user configuration can be worked around without the
enhanced validation.
It is important that there are no “weak” user specifications in the
Application Recovery Manager user list. Note that the host part of a
user specification is the strong part (especially with the enhanced
validation), while user and group parts cannot be verified reliably.
Any user with powerful user rights should be configured for the
specific client they will use for Application Recovery Manager
administration. If multiple clients are used, an entry should be added
for each client, rather than specifying such a user as user, group,
<Any>. Non-trusted users should not be allowed to log on to any of
those systems.
See also the online Help index: “configuring, users” for details on
configuring users.
Cell Manager Security
Cell Manager security is important because the Cell Manager has access
to all clients and all data in the cell.
Security of the Cell Manager can be enhanced via the strict hostname
checking functionality. However, it is important that the Cell Manager is
also secured as a client and that Application Recovery Manager users are
configured carefully. Refer to “Strict Hostname Checking” on page 69 and
“Securing Clients” on page 64.
Other Security Aspects
There are also some other security related aspects you should consider:
Users should not have access to any of the trusted clients (Cell
Manager, Installation Servers). Even granting anonymous log on or
ftp access could introduce a serious risk to overall security.
Disk arrays (and the clients they are connected to) must be physically
protected from unauthorized or untrusted personnel.