HP Open View Data Protector for Security Containment

Data Protector Concept

A backup is a process that creates a copy of the data on a backup device. During backups on a

network environment, the data is transferred over the network from systems that need to be backed up

on systems with backup devices. A restore is a process that recreates the original data from a backup

copy. This process consists of the preparation and actual restore of data, and some post-restore

actions that make that data ready for use.

Though Data Protector supports different types of backup and restore operations, this document

discusses disk backup (also known as disk-to-disk backup). Many applications and databases

frequently make small changes to existing files or produce many new files containing business-critical

data throughout the day. These files need to be backed up immediately to guarantee the data in them

will not be lost. This requires a fast medium that can store large amounts of data and that works

without interruption. Today, more and more businesses are augmenting their tape storage backup

solutions with faster disk-based backup solutions because disks are cheaper, more reliable, and faster

than the traditional tape devices. See

HP Open View Storage Data Protector Concepts Guide (B6960-

96001) for more information on the advantages of disk backup.

Data protector has three disk-based devices: file library devices, standalone file devices, and file

jukebox devices. This document uses the file library devices while performing backup and restore

operations. The file library device is the most sophisticated disk-based backup device. The device’s

maximum capacity is the same as the maximum that can be saved on the filesystem on which the

device resides. Each file depot has a maximum capacity of up to 2 TB. The file library device has

intelligent disk space management; it anticipates potential problems. A warning message is written in

the event log file if the amount of free disk space approaches the configured minimum amount

required for the device to work. This enables you to free more disk space in time for the device to

continue saving data. If all the space allocated to the file library device is completely used, a warning

message appears on the screen with instructions on how to solve the problem. HP recommends using

the file library device as the preferred disk-based backup device. See

HP Open View Storage Data

Protector Concepts Guide (B6960-96001) for more information on other devices.

Data Protector uses the default port number 5555. Therefore, this particular port number should not be

used by another program. If the port number 5555 is already in use, you should make it available for

Data Protector or you can change the default port number to an unused port number. See Changing

the Default Port Number on page B-28 of

HP Open View Storage Data Protector Installation and

Licensing Guide (B6960-96002).

Security Containment Concepts

Security Containment primarily consists of three core technologies: compartments, fine-grained

privileges, and Role-Based Access Control.

Compartments

The compartments feature of the HP-UX Security Containment software isolate unrelated resources on

a system, to prevent catastrophic damage to the system if one compartment is compromised. When

an application is configured in a compartment, it has restricted access to system resources (processes,

binaries, data files, and communication channels used) outside its compartment. This restriction is

enforced by the HP-UX kernel and cannot be overridden unless specifically configured to do so. If the

application is compromised, it will not be able to damage other parts of the system because it is

isolated by the compartment configuration.