Computer Drive User Manual
Table Of Contents
- Chapter 1. HPSS 7.1 Configuration Overview
- Chapter 2. Security and System Access
- Chapter 3. Using SSM
- 3.1. The SSM System Manager
- 3.2. Quick Startup of hpssgui
- 3.3. Configuration and Startup of hpssgui and hpssadm
- 3.4. Multiple SSM Sessions
- 3.5. SSM Window Conventions
- 3.6. Common Window Elements
- 3.7. Help Menu Overview
- 3.8. Monitor, Operations and Configure Menus Overview
- 3.9. SSM Specific Windows
- 3.10. SSM List Preferences
- Chapter 4. Global & Subsystem Configuration
- 4.1. Global Configuration Window
- 4.2. Storage Subsystems
- 4.2.1. Subsystems List Window
- 4.2.2. Creating a New Storage Subsystem
- 4.2.3. Storage Subsystem Configuration Window
- 4.2.3.1. Create Storage Subsystem Metadata
- 4.2.3.2. Create Storage Subsystem Configuration
- 4.2.3.3. Create Storage Subsystem Servers
- 4.2.3.4. Assign a Gatekeeper if Required
- 4.2.3.5. Assign Storage Resources to the Storage Subsystem
- 4.2.3.6. Create Storage Subsystem Fileset and Junction
- 4.2.3.7. Migration and Purge Policy Overrides
- 4.2.3.8. Storage Class Threshold Overrides
- 4.2.4. Modifying a Storage Subsystem
- 4.2.5. Deleting a Storage Subsystem
- Chapter 5. HPSS Servers
- 5.1. Server List
- 5.1. Server Configuration
- 5.1.1. Common Server Configuration
- 5.1.1. Core Server Specific Configuration
- 5.1.2. Gatekeeper Specific Configuration
- 5.1.3. Location Server Additional Configuration
- 5.1.4. Log Client Specific Configuration
- 5.1.1. Log Daemon Specific Configuration
- 5.1.2. Migration/Purge Server (MPS) Specific Configuration
- 5.1.3. Mover Specific Configuration
- 5.1.3.1. Mover Specific Configuration Window
- 5.1.3.1. Additional Mover Configuration
- 5.1.3.1.1. /etc/services, /etc/inetd.conf, and /etc/xinetd.d
- 5.1.3.1.2. The Mover Encryption Key Files
- 5.1.3.1.3. /var/hpss/etc Files Required for Remote Mover
- 5.1.3.1.1. System Configuration Parameters on IRIX, Solaris, and Linux
- 5.1.3.1.1. Setting Up Remote Movers with mkhpss
- 5.1.3.1.2. Mover Configuration to Support Local File Transfer
- 5.1.1. Physical Volume Repository (PVR) Specific Configuration
- 5.1.1. Deleting a Server Configuration
- 5.1. Monitoring Server Information
- 5.1.1. Basic Server Information
- 5.1.1. Specific Server Information
- 5.1.1.1. Core Server Information Window
- 5.1.1.1. Gatekeeper Information Window
- 5.1.1.1. Location Server Information Window
- 5.1.1.2. Migration/Purge Server Information Window
- 5.1.1.3. Mover Information Window
- 5.1.1.1. Physical Volume Library (PVL) Information Window
- 5.1.1.2. Physical Volume Repository (PVR) Information Windows
- 5.1. Real-Time Monitoring (RTM)
- 5.2. Starting HPSS
- 5.1. Stopping HPSS
- 5.2. Server Repair and Reinitialization
- 5.1. Forcing an SSM Connection
- Chapter 6. Storage Configuration
- 6.1. Storage Classes
- 6.2. Storage Hierarchies
- 6.3. Classes of Service
- 6.4. Migration Policies
- 6.5. Purge Policies
- 6.6. File Families
- Chapter 7. Device and Drive Management
- Chapter 8. Volume and Storage Management
- 8.1. Adding Storage Space
- 8.2. Removing Storage Space
- 8.3. Monitoring Storage Space
- 8.4. Dealing with a Space Shortage
- 8.5. Volume Management
- 8.6. Monitoring and Managing Volume Mounts
- 8.7. New Storage Technology Insertion
- Chapter 9. Logging and Status
- Chapter 10. Filesets and Junctions
- Chapter 11. Files, Directories and Objects by SOID
- Chapter 12. Tape Aggregation
- Chapter 13. User Accounts and Accounting
- Chapter 14. User Interfaces
- Chapter 15. Backup and Recovery
- Chapter 16. Management Tools
This can be "unix" or "ldap".
· <authzURL> - a string used by the authorization mechanism to locate the security data for
this realm. This should be "unix" for UNIX authorization, and for LDAP it should be an
LDAP URL used to locate the entry for the security realm in an LDAP directory.
2.1.2. Security Mechanisms
HPSS 7.1 supports UNIX and Kerberos mechanisms for authentication. It supports LDAP and UNIX
mechanisms for authorization.
2.1.2.1. UNIX
UNIX-based mechanisms are provided both for authentication and authorization. These can draw either
from the actual UNIX user and group information on the current host or from a separately maintained set
of files used only by HPSS. This behavior is controlled by the setting of the variable
HPSS_UNIX_USE_SYSTEM_COMMANDS in /var/hpss/etc/env.conf. If this variable is set to any non-
empty value other than FALSE, the actual UNIX user and group data will be used. Otherwise, local files
created and maintained by the following HPSS utilities will be used. Consult the man pages for each
utility for details of its use.
• hpss_unix_keytab - used to define "keytab" files that can be used to acquire credentials
recognized by the UNIX authentication mechanism.
• hpss_unix_user - used to manage users in the HPSS password file (/var/hpss/etc/passwd).
• hpss_unix_group - used to manage users in the HPSS groups file (/var/hpss/etc/group).
• hpss_unix_passwd - used to change passwords of users in the HPSS password file.
• hpss_unix_keygen - used to create a key file containing a hexadecimal key. The key is used
during UNIX authentication to encrypt keytab passwords. The encryption provides an extra layer
of protection against forged passwords.
Keep in mind that the user and group databases must be kept synchronized across all nodes in an HPSS
system. If using the actual UNIX information, this can be accomplished using a service such as NIS. If
using the HPSS local files, these must manually be kept in synchronization across HPSS nodes.
2.1.2.2. Kerberos 5
The capability to use MIT Kerberos authentication is provided in HPSS 7.1, however, IBM
Service Agreements for HPSS do not provide support for problem isolation nor fixing defects
(Level 2 and Level 3 support) in MIT Kerberos. Kerberos maintenance/support must be site-
provided.
Kerberos 5 is an option for the authentication mechanism. When this option is used, the local realm
name is taken to be the name of a Kerberos realm. The Kerberos security services are used to obtain and
verify credentials.
HPSS Management Guide November 2009
Release 7.3 (Revision 1.0) 22