DMX-3 security features
183
Data Integrity, Availability, and Protection
Some of the security features are transparent to the customer such as
service access authentication and authorization by the EMC CE and
Service Credential (SC) (user ID information) restricted access
(service processor and CE internal functions). Access is definable at a
user level, not just at a host level. All Symmetrix user ID information
information will be encrypted for secure storage within the
Symmetrix. Service processor-based functions will honor Solutions
Enabler Access Control settings per authenticated user in order to
limit view/control of non-owned devices in shared environments
such as Symmetrix or SRDF-connected systems.
Note: The following section contains additional information on access control
and authorization.
Access control and
user authorization
Shared systems, like a Symmetrix storage array, may be vulnerable to
one host, accidentally or intentionally, tampering with another’s
devices. Many product applications such as EMC ControlCenter,
TimeFinder, SRDF, Optimizer, and various ISV products can issue
management commands to any visible device in a Symmetrix system.
Windows hosts can manipulate UNIX data.
To prevent this, Symmetrix Access Controls can be established by an
administrator of the Symmetrix storage site to set up and restrict host
access to and actions on defined sets of devices (access pools) across
the various Symmetrix systems.
When access controls are enabled, the Symmetrix system receives and
validates the host system request based on permissions as defined in
the Access Control Database. Depending upon on the database
content, the host system management syscall may either be
processed normally or denied. If it is denied, an appropriate entry
will be placed in the local host systems SYMAPI log as well as the
Symmetrix Audit Log.
The Solutions Enabler SYMCLI command (symacl), as well as a new
Access Control interface within the Symmetrix Management Console
(SMC) version 5.3 and later, support Symmetrix Access Control
database management. The CLI and SMC interfaces allow users to
simply and easily set up and maintain an access controlled
environment.
To Next Page
Loading...
Need help?
General
