APC 15000 RAID manual Setting Security Levels, User Authentication Recommended for SAN Environment

Models: 15000 RAID


Controller Installation

2.3.9 Setting Security Levels

After you have formatted all the LUNs, you can define users’ access rights. Configurations come in two types:

authorized user

host port zoning

The Authorized User configuration is highly recommended for use in a SAN environment: your data is completely secured and no accidental plug-in is allowed to do damage such as data change or deletion. Authorized users have access only to their own and “allowed to share” data. Administrators can also restrict users’ access to the host ports and their read/write privileges to the LUNs. Another advantage of this configuration is that the users see the same LUN identification scheme regardless of the host port connection.

The Host Port Zoning configuration provides the minimum level of security. The LUN mappings change according to the host port connection. The read-only and read/write privileges can be specified for each LUN.

The place holder LUN feature allows the controller administrator to map a zero-capacity LUN to a host or group of hosts (via zoning or user authentication). The administrator can then create a real LUN and map it to the host(s) to replace the place holder LUN in the future. In most cases, the host does not have to reboot since it is already mapped to the place holder LUN.

NOTE: Support of place holder LUNs is dependent upon the OS (operating system), the driver, and the Host Card Adapter (HCA-IB), or Host Bus Adapter.

2.3.9.1 User Authentication (Recommended for SAN Environment)

Each user connected to the controller is identified by a World Wide Name (WWN) or GUID, and is given a unique user ID number. The controller can store configurations for up to 512 users and the security settings apply to all host ports.

Below is an example for adding two users to a system containing two LUNs (numbered 0 and 1). Each user has an internal LUN 1 is shared and “read-only.” Both users see the shared LUN as LUN 0 and they see their own LUN as LUN 1. User 1 has access to host ports 1 and 4 while User 2 only has access to host port 2.
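The difference between the two configurations, and the two-user layout described above, shown as an added conceptual model; it is not code from the manual or the controller, and it does not use the controller's CLI. The WWNs, the internal LUN numbers, the zoning table and the behaviour of anonymous access (falling back to the port's zoning map) are assumptions made for illustration.

```python
# Conceptual model only: not the controller's firmware, CLI or data format.
# WWNs, internal LUN numbers and the zoning table are constructed values.
from dataclasses import dataclass

RO, RW = "read-only", "read/write"

@dataclass(frozen=True)
class User:
    user_id: int
    ports: frozenset  # host ports the user may connect through
    luns: dict        # host-visible LUN -> (internal LUN, privilege)

# Authorized User table, keyed by WWN; it applies on every host port.
USERS = {
    "10:00:00:00:c9:00:00:01": User(1, frozenset({1, 4}), {0: (1, RO), 1: (0, RW)}),
    "10:00:00:00:c9:00:00:02": User(2, frozenset({2}), {0: (1, RO), 1: (2, RW)}),
}

# Host Port Zoning table, keyed by port; initiator identity is not checked.
ZONES = {1: {0: (0, RW)}, 2: {0: (2, RW)}, 4: {0: (1, RO)}}

def resolve(mapping, lun, write):
    """Map a host-visible LUN to an internal LUN, or None if refused."""
    entry = mapping.get(lun)
    if entry is None:
        return None                      # LUN is not mapped for this host
    internal, privilege = entry
    if write and privilege == RO:
        return None                      # write to a read-only LUN
    return internal

def zoning_access(port, lun, write):
    """Host Port Zoning: whatever is plugged into the port gets its map."""
    return resolve(ZONES.get(port, {}), lun, write)

def authorized_user_access(wwn, port, lun, write, allow_anonymous=False):
    """Authorized User: the WWN selects the map, the port is only a gate."""
    user = USERS.get(wwn)
    if user is None:
        # Assumption of this model: an unknown WWN falls back to the port's
        # zoning map when anonymous access is left enabled.
        return zoning_access(port, lun, write) if allow_anonymous else None
    if port not in user.ports:
        return None                      # user is not allowed on this port
    return resolve(user.luns, lun, write)
```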

Prior to adding any users, verify that no “anonymous” access is allowed to the system:

1. Enter: zoning<Enter>


007-5510-002
