User`s guide
Chapter 3. Implementing the INRANGE FC/9000 Fibre Channel Director 205
3.2.8 Security considerations
As a SAN may store a great deal of sensitive and often confidential corporate
information, it might be interesting to consider some security issues, such as:
User management
Consequences of zoning methods
Location access
We will describe these issues as they relate to the usage of the INRANGE
FC/9000 director.
User management
As described in 3.2.7, “Defining users” on page 197 INRANGE provides different
types of users.
User settings are saved in the IN-VSN servers database but not on the directors
themselves. To ensure the ability to recover from an IN-VSN server failure, we
advise you to use the Auto-Backup function. This backup setting is done using
the IN-VSN server interface as described in 3.3.1, “Setting up operational
parameters” on page 207.
You can have multiple users defined and also logged into the IN-VSN software at
the same time. Please be aware of these important issues:
You cannot segment the fabric for different users. So an IN-VSN user always
has access to the whole fabric. It is not possible to limit the user’s access to
NT server ports or AIX ports only. The philosophy behind this is the same as
with Brocade or McDATA’s management tools. A SAN should be managed by
a dedicated storage manager, regardless of which server platforms are
attached to the SAN.
Different users with the same level (for example, admin) can have access to
the fabric at the same time. This could result in chaos, since both active users
are allowed to make changes. Consequently, we recommend that only a
limited number of people have admin rights to the same fabric.
The IN-VSN default users (admin, oper, view) are always the same globally,
including their passwords. Consequently, you should not consider them as
secure enough. Therefore, we advise you to delete them after you have
added your own users.