Manualshelf

HP Data Protector MOM Configuration and Troubleshooting Guide

ManualsBrandsHP ManualsSoftwareHP Data Protector V6.11 Software
21222324252627282930
26 | P a g e
Security
When you secure a client, the client names of the systems allowed to access a client, are written
to the allow_hosts file. You can also explicitly deny access to a client from certain computers by
adding their names to the deny_hosts file.
When using a CMMDB, device access for the client Cell Managers can be controlled from the
MoM server by using the allow_hosts and deny_hosts files.
These files are located in the following directories:
On Windows Vista, Windows Server 2008:
Data_Protector_program_data\Config\client
On other Windows systems: Data_Protector_home\Config\client
On HP-UX, Solaris, and Linux systems: /etc/opt/omni/client
On other UNIX systems: /usr/omni/config/client
Specify each client name in a separate line.
Client security is controlled through the allow_hosts file. After you have installed the Data
Protector clients and imported them to a cell, it is highly recommended to secure them. Data
Protector agents installed on the clients in the cell provide numerous powerful capabilities, such as
access to all the data on the system. It is important that these capabilities are available only to the
processes running on cell authorities (Cell Manager and Installation servers), and that all other
requests are rejected.
Data Protector allows you to specify from which cell authorities a client will accept requests on
the Data Protector port (default 5555). For activities such as backing up and restoring, starting
pre- and post-exec commands, and importing and exporting clients, the client checks if the
computer that triggers one of these tasks via the Data Protector port is allowed to do so. Other
computers are not able to access such a client.
Only the hosts that are mentioned in the allow_hosts file will have access to shared media on
the MoM server.
An entire Cell Manager can be secured with all clients in it via the GUI.
To secure a client via the GUI, right-click on the client properties, and select Secure.
To secure a Cell Manager via the GUI, right-click on the Cell Manager properties, and select
Secure.
Figure 25: Securing a Cell Manager
Notes:
If you accidentally lock out a client, you can manually edit (or delete) the allow_hosts file on
the client.