Computer Drive User Manual
Table Of Contents
- Chapter 1. HPSS 7.1 Configuration Overview
- Chapter 2. Security and System Access
- Chapter 3. Using SSM
- 3.1. The SSM System Manager
- 3.2. Quick Startup of hpssgui
- 3.3. Configuration and Startup of hpssgui and hpssadm
- 3.4. Multiple SSM Sessions
- 3.5. SSM Window Conventions
- 3.6. Common Window Elements
- 3.7. Help Menu Overview
- 3.8. Monitor, Operations and Configure Menus Overview
- 3.9. SSM Specific Windows
- 3.10. SSM List Preferences
- Chapter 4. Global & Subsystem Configuration
- 4.1. Global Configuration Window
- 4.2. Storage Subsystems
- 4.2.1. Subsystems List Window
- 4.2.2. Creating a New Storage Subsystem
- 4.2.3. Storage Subsystem Configuration Window
- 4.2.3.1. Create Storage Subsystem Metadata
- 4.2.3.2. Create Storage Subsystem Configuration
- 4.2.3.3. Create Storage Subsystem Servers
- 4.2.3.4. Assign a Gatekeeper if Required
- 4.2.3.5. Assign Storage Resources to the Storage Subsystem
- 4.2.3.6. Create Storage Subsystem Fileset and Junction
- 4.2.3.7. Migration and Purge Policy Overrides
- 4.2.3.8. Storage Class Threshold Overrides
- 4.2.4. Modifying a Storage Subsystem
- 4.2.5. Deleting a Storage Subsystem
- Chapter 5. HPSS Servers
- 5.1. Server List
- 5.1. Server Configuration
- 5.1.1. Common Server Configuration
- 5.1.1. Core Server Specific Configuration
- 5.1.2. Gatekeeper Specific Configuration
- 5.1.3. Location Server Additional Configuration
- 5.1.4. Log Client Specific Configuration
- 5.1.1. Log Daemon Specific Configuration
- 5.1.2. Migration/Purge Server (MPS) Specific Configuration
- 5.1.3. Mover Specific Configuration
- 5.1.3.1. Mover Specific Configuration Window
- 5.1.3.1. Additional Mover Configuration
- 5.1.3.1.1. /etc/services, /etc/inetd.conf, and /etc/xinetd.d
- 5.1.3.1.2. The Mover Encryption Key Files
- 5.1.3.1.3. /var/hpss/etc Files Required for Remote Mover
- 5.1.3.1.1. System Configuration Parameters on IRIX, Solaris, and Linux
- 5.1.3.1.1. Setting Up Remote Movers with mkhpss
- 5.1.3.1.2. Mover Configuration to Support Local File Transfer
- 5.1.1. Physical Volume Repository (PVR) Specific Configuration
- 5.1.1. Deleting a Server Configuration
- 5.1. Monitoring Server Information
- 5.1.1. Basic Server Information
- 5.1.1. Specific Server Information
- 5.1.1.1. Core Server Information Window
- 5.1.1.1. Gatekeeper Information Window
- 5.1.1.1. Location Server Information Window
- 5.1.1.2. Migration/Purge Server Information Window
- 5.1.1.3. Mover Information Window
- 5.1.1.1. Physical Volume Library (PVL) Information Window
- 5.1.1.2. Physical Volume Repository (PVR) Information Windows
- 5.1. Real-Time Monitoring (RTM)
- 5.2. Starting HPSS
- 5.1. Stopping HPSS
- 5.2. Server Repair and Reinitialization
- 5.1. Forcing an SSM Connection
- Chapter 6. Storage Configuration
- 6.1. Storage Classes
- 6.2. Storage Hierarchies
- 6.3. Classes of Service
- 6.4. Migration Policies
- 6.5. Purge Policies
- 6.6. File Families
- Chapter 7. Device and Drive Management
- Chapter 8. Volume and Storage Management
- 8.1. Adding Storage Space
- 8.2. Removing Storage Space
- 8.3. Monitoring Storage Space
- 8.4. Dealing with a Space Shortage
- 8.5. Volume Management
- 8.6. Monitoring and Managing Volume Mounts
- 8.7. New Storage Technology Insertion
- Chapter 9. Logging and Status
- Chapter 10. Filesets and Junctions
- Chapter 11. Files, Directories and Objects by SOID
- Chapter 12. Tape Aggregation
- Chapter 13. User Accounts and Accounting
- Chapter 14. User Interfaces
- Chapter 15. Backup and Recovery
- Chapter 16. Management Tools
Chapter 2. Security and System Access
2.1. Security Services
As of release 6.2, HPSS no longer uses DCE security services. The new approach to security divides
services into two APIs, known as mechanisms, each of which has multiple implementations.
Configuration files control which implementation of each mechanism is used in the security realm
(analogous to a DCE cell) for an HPSS system. Security mechanisms are implemented in shared object
libraries and are described to HPSS by a configuration file. HPSS programs that need to use the
mechanism dynamically link the library to the program when the program starts.
The first type of mechanism is the authentication mechanism. This API is used to acquire credentials
and to verify the credentials of clients. Authentication verifies that a client really is who he claims to be.
The second type of mechanism is the authorization mechanism. Once a client's identity has been
verified, this API is used to obtain the authorization details associated with the client such as uid, gid,
group membership, etc., that are used to determine the privileges accorded to the client and the resources
to which it has access.
2.1.1. Security Services Configuration
Ordinarily, the configuration files that control HPSS's access to security services are set up either by the
installation tool, mkhpss, or by the metadata conversion tools. This section is provided purely for
reference. Each of the files below is stored by default in /var/hpss/etc.
• auth.conf, authz.conf
These files define which shared libraries provide implementations of the authentication and
authorization mechanisms, respectively. They are plain text files that have the same format. Each
line is either a comment beginning with # or consists of two fields separated by whitespace: the
path to a shared library and the name of the function used to initialize the security interface.
• site.conf
This file defines security realm options. This is a plain text file in which each line is a comment
beginning with # or is made up of the following fields, separated by whitespace:
<siteName> <realmName> <realmID> <authzMech> <authzURL>
· <siteName> - the name of the local security site. This is usually just the realm name in
lowercase.
· <realmName> - the name of the local security realm. If using Kerberos authentication, this is
the name of the Kerberos realm. For UNIX authentication, it can be any non-empty string. By
convention, it is usually the fully qualified hostname.
· <realmID> - the numeric identifier of the local security realm. If using Kerberos
authentication and this is a preexisting site going through conversion, this value is the same as
the DCE cross cell ID which is a unique number assigned to each site. A new site setting up a
new HPSS system will need to contact an HPSS support representative to obtain a unique
value.
· <authzMech> - the name of the authorization mechanism to be used by this HPSS system.
HPSS Management Guide November 2009
Release 7.3 (Revision 1.0) 21