Manualshelf

4.0.0 HP Polyserve Matrix Server Administration Guide (T5392-96052, March 2010)

ManualsBrandsHP ManualsSoftwareHP StorageWorks Clustered Gateway Device Management Software
31323334353637383940
Windows authentication
Matrix Server uses NT credentials to authenticate users attempting to access data
on PSFS filesystems.
If you are using HP PolyServe Software for Microsoft SQL Server, a DNS entry
must exist for each Virtual SQL Server/IP address. The entry must include an A
record and a [PTR] record for forward and reverse lookup. Windows authentication
may fail if these records do not exist.
Active Directory
Matrix Server requires that Active Directory be configured. You should be aware of
the following:
All Matrix Server nodes must be members of an Active Directory domain. This is
necessary for filesystem security.
Active Directory user and groups should be used in filesystem ACLs and SQL
Server service accounts and roles. Do not use local users and groups for these
purposes because they are meaningless to other nodes in the matrix.
Matrix Server nodes should not be used as domain controllers because the two
services will compete for resources, resulting in decreased performance.
The DNS servers used by Active Directory and Matrix Server should not reside
on Matrix Server nodes. Placing the DNS servers on Matrix Server nodes creates
a race condition that prevents Matrix Server from starting.
If you are using HP PolyServe Software for Microsoft SQL Server and want to use
Kerberos for Windows authentication, you will need to register a valid SPN for
the Virtual SQL Server. If the startup account for the sqlserver service is a domain
admin or Localsystem, register an SPN for the Virtual SQL Server/hostname. If
the startup account for the sqlserver service is not a domain admin or Localsystem,
then register an SPN for the USER account. (If Kerberos is not used, an SPN should
not be registered for the Virtual SQL Server.) For more information, see DNS
Misconfiguration Causes Connection Failure in the HP PolyServe Software for
Microsoft SQL Server administration guide.
Other considerations
If Role-Based Security is used, assign users/groups to appropriately configured
roles that give Matrix Server administrators the least-privilege needed to perform
operations.
Enabling User Access Control (UAC) adds an additional layer of security to your
authentication and can cause some of the previously acceptable authentication
HP PolyServe Matrix Server administration guide 31