HP XP24000 manual About Volume Security Operations, Overview of Volume Security Functions

Page 9

2 About Volume Security Operations

Overview of Volume Security Functions

The Volume Security feature protects data in your storage system from I/O operations performed at mainframe hosts. Volume Security enables you to apply security to volumes so that the specified mainframe hosts will be unable to read from and write to the specified volumes. Volume Security also enables you to prevent data on volumes from being overwritten by erroneous copy operations.

Volume Security can be used in conjunction with an optional program Volume Security Port Option. This optional program can be used to specify storage system ports via which hosts can access volumes.

In the storage system documentation, volumes are sometimes referred to as logical devices (or LDEVs). Also, the storage system documentation sometimes uses the term LDEV security to refer to security policy that Volume Security enables you to apply to volumes.

Protecting Volumes from I/O Operations at Mainframe Hosts

Volume Security enables you to protect volumes from unauthorized accesses by mainframe hosts. To protect volumes from unauthorized accesses, you must create security groups and then register mainframe hosts and/or volumes in security groups. Security groups are classified into access groups or pool groups. To allow some (but not all) mainframe hosts to access volumes, you must classify the security group as an access group. To prohibit all mainframe hosts from access volumes, you must classify the security group as a pool group.

Enabling Only the Specified Hosts to Access Volumes

To allow only some mainframe hosts in your network to access volumes, you must register the mainframe hosts and the volumes in an access group. For example, if you register two hosts (host_A and host_B) and two volumes (vol_C and vol_D) in an access group, only the two hosts will be able to access vol_C and vol_D. No other hosts will able to access vol_C and vol_D.

If mainframe hosts are registered in an access group, the hosts will be able to access volumes in the same access group, but will be unable to access other volumes. For example, if you register two hosts (host_A and host_B) and two volumes (vol_C and vol_D) in an access group, the two hosts can access vol_C and vol_D and cannot access other volumes.

To register hosts in an access group, you must create a host group, register the hosts in the host group, and then register the host group in the desired access group. To register volumes in an access group, you must create an LDEV group, register the volumes in the LDEV group, and then register the LDEV group in the desired access group. Any access group can only contain one host group and one LDEV group.

In Figure 1, six mainframe hosts are attached to a storage system and two access groups are created. Here, the following security settings are applied:

The volumes ldev1 and ldev2 are accessible only from host1, host2, and host3 because the two volumes and the three hosts are registered in the same access group.

XP24000/XP20000 Volume Security User's Guide

9

Image 9
Contents HP StorageWorks XP24000/XP20000 Volume Security Users Guide Edition Date Description Contents Troubleshooting Support and Other ResourcesAcronyms and Abbreviations Index Figures Tables Overview of Volume Security OverviewTerminology Overview of Volume Security Overview of Volume Security Functions About Volume Security OperationsProtecting Volumes from I/O Operations at Mainframe Hosts Enabling Only the Specified Hosts to Access VolumesPort-Level Security Implementation Port-Level SecurityProhibiting All Hosts from Accessing Volumes Protecting Volumes from Erroneous Copy Operations Registering Volumes in an Ldev Group on Supported Volume Emulation TypesMaximum Possible Number of Groups Maximum Possible Number of Hosts and VolumesVolume Security Window Using the Volume Security GUISecurity Group Tree Volume Security WindowSecurity Group Tree Hosts Table Column Description LDEVs TableCreating a Security Group for Use As a Pool Group on Add/Change Security Group Dialog BoxAdd/Change Security Group Dialog Box VOL/R Add/Change Host Group Dialog Box Add/Change Host Group Dialog Box Item Description Add/Change Ldev Group Dialog BoxAdd/Change Ldev Group Dialog Box Registering Hosts to be Attached to the Storage System on Add/Change Host Dialog BoxNo icon Select Ldev Dialog Box Select Ldev Dialog BoxSelect Port Dialog Box Select Port Dialog Box Specify Security Group Dialog Box Specify Security Group Dialog BoxHost to Security Group Dialog Box Host to Security Group Dialog BoxHost to Ldev Dialog Box Host Third The Logical Partition Number of the host Host Group to Security Group Dialog BoxHost Group Specifies a host group Host Group to Port Dialog BoxHost Group to Port Dialog Box Ldev to Security Group Dialog BoxLdev to Security Group Dialog Box Ldev to Host Dialog BoxLdev to Host Dialog Box Information about the channel extender Ldev Group to Security Group Dialog BoxLdev Group to Security Group Dialog Box Error Detail Dialog BoxError Detail Dialog Box Performing Volume Security Operations Launching Volume SecurityViewing Security Settings Locating Security Groups that Contain a Specified Host Locating Volumes in a Specified Security GroupLocating Security Groups that Contain a Specified Volume Locating Ports through Which Hosts Can Access VolumesLocating Security Groups that Contain a Specified Host Group Creating a Host Group Limiting Host AccessRegistering Hosts in a Host Group Registering Ports in a Host Group Creating an Ldev Group Registering Volumes in an Ldev Group Creating a Security Group for Use As an Access Group Prohibiting Host Access Registering Volumes in an Ldev Group Creating a Security Group for Use As a Pool Group Registering an Ldev Group in a Security Group Protecting Volumes from Copy Operations TIP Disabling Volume SecurityEditing Security Groups Unregistering a Host GroupUnregistering an Ldev Group Renaming Security Groups Editing Host Groups Deleting Security GroupsRegistering Hosts to be Attached to the Storage System =CPU Deleting Hosts from Host GroupsDeleting Ports from Host Groups Renaming Host Groups Deleting Volumes from Ldev Groups Editing Ldev GroupsDeleting Host Groups Renaming Ldev Groups Deleting Ldev Groups Performing Volume Security Operations Troubleshooting Troubleshooting Volume SecurityCalling HP Technical Support Troubleshooting Related Documentation Support and Other ResourcesConventions for Storage Capacity Values HP Technical SupportSubscription Service HP WebsitesDocumentation Feedback Acronyms and Abbreviations Acronyms and AbbreviationsAcronyms and Abbreviations Index Pool group, 11 port-level security overview
Related manuals
Manual 42 pages 11.22 Kb Manual 170 pages 46.46 Kb