HP StorageWorks Application Recovery Manager Installation and Licensing Guide (T4395-96002, February 2008)
Maintaining the Installation
Security Considerations
Chapter 3 71
Note that users have to be reconfigured also when reverting back to the
default user validation, if you had to modify user specifications when you
enabled the strict hostname checking. It is therefore recommended to
decide which user validation you would like to use and keep using it.
A prerequisite for a reliable reverse DNS lookup is a secure DNS server.
You must prevent physical access and log on to all unauthorized
personnel.
By configuring users with IPs instead of hostnames, you can avoid some
DNS related validation problems, but such configuration is more difficult
to maintain.
Requirement The enhanced validation does not automatically grant access for certain
internal connections. Therefore, when this validation is used, a new user
must be added for each of the following:
• It is required to add the user SYSTEM, NT AUTHORITY, <client> for
each client where a ZDB Agent and VSSBAR are installed. Note that
if Inet on a certain client is configured to use a specific account, this
account must have already been configured. For more information,
refer to the online Help index: “strict hostname checking”.
For detailed information on user configuration, refer to the online Help
index: “configuring, users”.
Enabling the Feature
To enable the strict hostname checking, set the StrictSecurityFlags
flag 0x0003 in the global options file.
For more information about the global options file, refer to the online
Help.
Start Backup Specification User Right
For general information about the Application Recovery Manager users
and user rights, refer to the online Help index: “users”.
The Start backup specification user right alone does not enable a
user to use the Backup context in the GUI. The user is allowed to start a
backup specification from the command line by using the omnib with the
-datalist option.